GoogleCloudPlatform / pbmm-on-gcp-onboarding

GCP Canadian Public Sector Landing Zone overlay on top of the TEF via CFT modules - a secure cloud foundation
https://cloud.google.com/architecture/security-foundations
Apache License 2.0
45 stars 56 forks source link

FR: Add Cloud NGFW Essential capability with optional Standard or Enterprise based IPS in the TEF 3-networks-hub-and-spoke folder and associated terraform-google-modules #396

Closed fmichaelobrien closed 3 months ago

fmichaelobrien commented 7 months ago

20240515 See ngfw terraform support

shadow https://github.com/terraform-google-modules/terraform-example-foundation/issues/1183 see https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit/issues/616

TL;DR

A request by a large federal client for IDS or NGFW (formerly Firewall+) capabilities in the TEF that includes GPS(Standard) IPS(Enterprise) and micro segmentation

Pull out the default transitivity NVA VMs in 3-n-h-a-s and overlay NGFW

Screenshot 2024-05-15 at 3 50 54 PM

Optional: modularize around 3rd party NGFW like https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/issues/389

Add GCP Cloud NGFW (Firewall plus) NGFW https://cloud.google.com/security/products/firewall?hl=en#cloud-ngfw-tiers NGFW https://cloud.google.com/firewall/docs/about-firewalls NGFW enterprise with IPS https://cloud.google.com/firewall/docs/about-intrusion-prevention https://www.paloaltonetworks.com/blog/network-security/netsec-google-cloud-firewall-plus/ likely location next to https://github.com/terraform-google-modules/terraform-example-foundation/tree/master/3-networks-hub-and-spoke/modules/hierarchical_firewall_policy

Links

GCP Firewall plus - https://cloud.google.com/blog/products/identity-security/introducing-google-cloud-firewall-plus-with-intrusion-prevention config connector IDS version https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit/tree/main/solutions/ids Palo Alto VM Series NGFW https://cloud.google.com/architecture/partners/palo-alto-networks-ngfw PA VM Series NGFW example https://registry.terraform.io/modules/PaloAltoNetworks/vmseries-modules/google/latest/examples/standalone_vmseries_with_metadata_bootstrap IDS https://cloud.google.com/security/products/intrusion-detection-system?hl=en https://github.com/GoogleCloudPlatform/terraform-google-network-forensics standard firewall https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall Fortinet based Fortigate NGFW https://github.com/fortinet/fortigate-tutorial-gcp

Terraform Resources

No response

Detailed design

No response

Additional information

No response

fmichaelobrien commented 7 months ago

see https://github.com/terraform-google-modules/terraform-google-network/tree/master/modules/network-firewall-policy see https://github.com/hashicorp/terraform-provider-google/issues/17030 b/321386368

fmichaelobrien commented 7 months ago

Video on Google NGFW from Ryan https://www.youtube.com/watch?v=OCqnf2E6zn0

fmichaelobrien commented 6 months ago

See ngfw terraform support

github-actions[bot] commented 3 months ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days