Exploring firewalls
IBM Cloud® offers several firewalls to choose from. The following table compares the firewall solutions to help you choose the one that's right for you. To learn more about the individual offering, click its name in the table.
These offerings are not managed services. When using them, you should understand the shared responsibilities between the client (or their managed services provider) and IBM. For more information, refer to Roles and responsibilities for IBM Cloud gateways and firewalls.
| Security Groups (VSI only) | IBM Cloud Juniper vSRX Standard | Virtual Router Appliance | FortiGate Security Appliance 10 Gbps | Hardware Firewall | Cloud Internet Services | Virtual FortiGate Security Appliance | |
|---|---|---|---|---|---|---|---|
| Stateful Packet Inspection |  |
|
|
|
|
IP firewall only | |
| Public Network Protection | |
|
|
|
|
|
|
| Private Network Protection | |
|
|
|
|
||
| Ingress Rules | |
|
|
|
|
IP Firewall only | |
| Egress Rules | |
|
|
|
|
||
| Single Tenant Appliance | |
|
|
|
|
||
| VLAN Protection | |
|
|
|
|
||
| Multi-VLAN Support | |
|
|
|
|||
| NAT Support | |
|
|
|
|||
| SSL/IPsec VPN Termination | |
|
|
|
|
||
| Open VPN Termination | |
Only with single port on TCP/UDP | |
||||
| HA Option | N/A | |
|
|
Using range and load balancers | |
|
| Manage from API & Portal | Yes | Appliance GUI | Appliance GUI | Appliance GUI | Yes | Cloud console | Appliance GUI |
| 10 Gbps Support | N/A | |
|
|
|
||
| NGFW Add-ons (IPS, AV, WF) | |
|
TLS encryption, IP Firewall rules, and Proxy Protocol v1 | |
|||
| Remote Access VPN | |
|