FWCloud: All your firewalls at the reach of your hand

Would you like to manage all your firewalls easily and securely, anywhere from any device? FWCloud is the solution you need.

FWCloud is an OpenSource web application that allows centralized and secure management of Linux-based firewalls, facilitating, in addition to many other functionalities, the management of security policies.

It is an OpenSource project developed entirely by the R&D&I department of SOLTECSIS SOLUCIONES TECNOLÓGICAS, S.L. and published under the Affero GNU v3 General Public License, which allows end users, if they have the necessary knowledge, to use the source code of the program to study it, review it, modify it and make improvements to it, and even to redistribute it.

FWCloud began as an idea to make our daily work easier when managing the computer security of our clients, and we finally decided to turn it into our contribution to the free software community, to which we owe so much.

Being an in-house development allows us to gradually incorporate new functionalities and improvements as the need arises. Many of these improvements have been proposed through the forum in which the community of users who make use of the application express their doubts and proposals.

FWCloud is an application aimed at computer security whose objective is to simplify the administration and maintenance of computer resources (firewalls, VPNs, networks, etc.) intended to improve the security of a company’s communications.

A firewall, in computing, is the part of a computer system or computer network that is designed to block unauthorized access while allowing authorized communications.

Firewalls can be implemented in hardware or software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria. It is also common to connect the firewall to a third network, called a demilitarized zone or DMZ, where the organization’s servers located there must remain accessible from the outside network.

A VPN or virtual private network is a computer networking technology that allows a secure extension of the local area network (LAN) over a public or uncontrolled network such as the Internet. It allows the computer on the network to send and receive data over shared or public networks as if it were a private network, with all the functionality, security and management policies of a private network. This is done by establishing a virtual point-to-point connection by using dedicated connections, encryption, or a combination of both methods.

Common examples are the possibility of connecting two or more branches of a company using the Internet as a link, allowing members of the technical support team to connect from home to the computer center or allowing a user to access their home computer from a remote location, such as a hotel. All this using the Internet infrastructure.

FWCloud is a cloud application, which means it can be used from anywhere, at any time and with any device, always with simple and secure access.

FWCloud allows you to manage all firewalls centrally in a very simple and secure way, from a single web interface. You do not need to install anything on your terminal to access the user interface, you just need a web browser.

 

From a single application we can manage heterogeneous firewalls based on:

  • Virtual machines.
  • Bare metal servers.
  • Routers.
  • Firewalls embedded in servers.
  • Multi-node firewall clusters, physical, virtual or hybrid.

It uses the latest technologies and is accessible through a web interface. In addition to the basic functionalities mentioned (security policy management, configuration and maintenance of VPN connections), plugins make it possible to manage advanced functionalities such as: management and assignment of dynamic IP addresses (DHCP), creation of route tables, management of connection blocking rules based on geolocation and even next-generation firewall (NGFW) functionalities such as: QoS (Quality of Service), policy routing, traffic analysis and IDS/IPS (Intrusion Detection System/Intrusion Prevention System), among others.

All of this, always manageable in a simple, graphic and visual way, with actions such as copy, paste, drag, search, group, modify colors, etc.

Creating a security policy rule is as simple as right-clicking and selecting new rule, then taking the elements that make it up and dropping them into the appropriate fields of the rule.

To make the security policy easier to read, the rules can be grouped into groups that can be collapsed or expanded as appropriate.

The FWCloud architecture is based on the separation between the user interface and the API, allowing independent management of the user interface to perform specific tasks.

At the architectural level, FWCloud is mainly composed of two modules:

  • FWCloud-UI: is the user interface that allows the user to manage cloud firewalls. It is a web interface accessible through browsers such as Chrome or Firefox, developed using the Angular framework to provide a desktop-like look and feel.

  • FWCloud-API: the REST API that handles all actions requested by the user. It is developed in Node.js, an event-based JavaScript server environment that executes code asynchronously, and it performs all the actions allowed by the application. The API can also be accessed directly, without using FWCloud-UI, to carry out automatic actions such as blocking an IP address.

Key design features of FWCloud include:

  • Simplicity: Allows you to manage all security components in a simple and graphic way.

  • Security: Given the important role that firewalls play as a fundamental part of computer security, it is very important that access to FWCloud is secure and reliable. For this, triple authentication mechanisms are used that guarantee both the authenticity of the administrator who accesses the application and the encryption of communications.

  • Multi-tenant: Allows you to manage several clients from the same FWCloud installation.

  • Firewall cluster management without node limits: Facilitates the management of multiple logically grouped firewalls.

  • Offline administration: Configuration changes are applied when the user decides, allowing for more controlled management.

  • Centralized administration: Through the FWCloud web interface it is possible to centrally manage all your firewalls. You do not need to access each firewall individually. From FWCloud you can manage all resources.

  • Logical grouping of objects using FWClouds: Allows logical grouping of firewall clouds, including firewall clusters, IP objects, groups, VPN connections, etc.

  • Import and export of FWClouds: Clouds can be migrated between different FWCloud installations.

  • Configuration and scheduling of backups and snapshots: Allows the application to be operational again immediately in the event of a catastrophe.

  • Access to firewalls through SSH protocol or through FWCloud-Agent: It offers two methods for communication with firewalls, always prioritizing security and efficiency in addition to compatibility with managed equipment. FWCloud-Agent improves communication with firewalls, optimizing security and enabling additional functionality.

  • Auto-discovery: Automatically incorporates a cluster of firewalls, along with their network interfaces and configured IP addresses.

  • Migration facilities: To incorporate firewalls previously managed by other tools into the application.

  • Complete and up-to-date documentation: Provides a detailed step-by-step guide to using and configuring the application. The documentation is complemented by video tutorials and a forum where you can ask your questions, propose improvements or share your concerns and experiences with other users of the FWCloud community.

FWCloud can be installed on your own servers, both physical and virtual, or alternatively, contact SOLTECSIS to use our cloud service, FWCloud.net, and manage your cloud firewalls.

Installation can be done using the FWCloud-Installer installation script (the traditional method), using the DEB or RPM packages from our repository (the easiest option) or even using a Docker image.

It should be noted that the FWCloud project has been partially funded, for two consecutive years: 2022 and 2023, by the Valencian Institute of Business Competitiveness (IVACE) included within the SME INNOVATION PROJECTS (INNOVA-CV) aid program, in the action of TEIC Innovation, co-funded by the FEDER Funds within the FEDER Operational Program of the Valencian Community 2021-2027.

These types of subsidies are very useful to us, as they guarantee that we can continue investing in R&D&I in order to improve FWCloud day by day.

In conclusion, FWCloud is a robust, flexible, very complete, free software and continuously growing solution for the centralized administration of advanced Linux-based firewalls, offering a wide range of advanced features and functionalities to facilitate the management of local and remote firewalls in business and information security environments.
