GoogleCloudPlatform / pubsec-declarative-toolkit

The GCP PubSec Declarative Toolkit is a collection of declarative solutions to help you on your Journey to Google Cloud. Solutions are designed using Config Connector and deployed using Config Controller.
Apache License 2.0

Architecture Update: prepare for Google Firewall Plus / NGFW #616

Open fmichaelobrien opened 11 months ago

fmichaelobrien commented 11 months ago

See plus differentiator in https://cloud.google.com/firewall

shadow https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/issues/396

TL;DR

A request by a large federal client for IDS or NGFW (formerly Firewall+) capabilities in the TEF that includes GPS (Standard), IPS (Enterprise) and micro segmentation

Add GCP Cloud NGFW (Firewall plus)

- NGFW https://cloud.google.com/security/products/firewall?hl=en#cloud-ngfw-tiers
- NGFW https://cloud.google.com/firewall/docs/about-firewalls
- NGFW enterprise with IPS https://cloud.google.com/firewall/docs/about-intrusion-prevention
- https://www.paloaltonetworks.com/blog/network-security/netsec-google-cloud-firewall-plus/
- likely location next to https://github.com/terraform-google-modules/terraform-example-foundation/tree/master/3-networks-hub-and-spoke/modules/hierarchical_firewall_policy

Links

- GCP Firewall plus - https://cloud.google.com/blog/products/identity-security/introducing-google-cloud-firewall-plus-with-intrusion-prevention
- config connector IDS version https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit/tree/main/solutions/ids
- Palo Alto VM Series NGFW https://cloud.google.com/architecture/partners/palo-alto-networks-ngfw
- PA VM Series NGFW example https://registry.terraform.io/modules/PaloAltoNetworks/vmseries-modules/google/latest/examples/standalone_vmseries_with_metadata_bootstrap
- IDS https://cloud.google.com/security/products/intrusion-detection-system?hl=en
- https://github.com/GoogleCloudPlatform/terraform-google-network-forensics
- standard firewall https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall
- Fortinet based Fortigate NGFW https://github.com/fortinet/fortigate-tutorial-gcp

- see https://github.com/terraform-google-modules/terraform-google-network/tree/master/modules/network-firewall-policy
- see https://github.com/hashicorp/terraform-provider-google/issues/17030
- b/321386368

fmichaelobrien commented 5 months ago

Video on Google NGFW from Ryan https://www.youtube.com/watch?v=OCqnf2E6zn0