To protect your environment, every MacStadium private cloud deploys with a dedicated Cisco firewall that offers unmatched protection and enhanced security for your entire environment. MacStadium dedicated firewalls give your security teams root access to the firewall, the ability to configure settings to their specifications, and even the ability to lock MacStadium out so you maintain total control.
With Cisco firewalls, MacStadium customers can:
Depending on your needs, MacStadium offers both virtual and physical Cisco firewalls.
Cisco Adaptive Security Virtual Appliance (ASAv)
MacStadium offers virtual firewall solutions based on the best-selling Cisco Adaptive Security Appliance (ASA) protocol. The Cisco Adaptive Security Virtual Appliance (ASAv) runs the same software as physical Cisco ASAs, delivering full ASA firewall and VPN capabilities to cloud environments that help safeguard traffic and multitenant architectures. Optimized for data center deployments, the ASAv is designed to work as a virtual machine. The advantage for MacStadium customers of using a virtual firewall comes from faster deployments and easier upgrades. We recommend ASAv firewalls for all use cases that have sustained throughput demands of less than 500 Mbps (125 Mbps Encrypted) as it delivers exceptional security and performance at a great price.
With a Cisco ASAv protecting their MacStadium private cloud, customers can:
The virtual appliance supports the same site-to-site VPN, remote-access VPN, and clientless VPN functionalities that physical ASA devices do. Most of the features that are supported on a physical ASA by Cisco software are also supported on the virtual appliance, with the notable exceptions of Cisco not supporting clustering and multiple contexts support (i.e. having multiple separate (virtual) firewalls on the same hardware) on ASAv implementations.
Cisco Adaptive Security Appliance (ASA)
MacStadium also offers physical ASA hardware devices for customers who require those capabilities or need more throughput than a virtual firewall can handle. The standard appliance MacStadium offers is a Cisco ASA 5500 series firewall, and is for any customer who needs a dedicated, physical security appliance to protect their host environment.
When customers need even more power for inspection and protection, MacStadium also offers Cisco Firepower 2100 NGFW series appliances. The main difference between the two appliances is in an increase of 10 gigs per second in speed, connections and packets per second for the 2100 series.
Both the Cisco 5500 and 2100 series deliver:
Note: Hardware firewalls are not typically available during free trials or POC periods.
There are several other firewall optionsfor customers who don’t want to leverage Cisco ASA technology.
By default, we give our customers maximum flexibility by leaving all ports open to the internet. Because of this,we highly recommend that if you forego the protection offered by our dedicated Cisco firewalls, you implement another form of defense. You can find a comprehensive list of third party software firewalls, including feature and price comparisons, at Mac Security: Firewalls.
Please be advised that MacStadium does not offer support for third party software firewall solutions. Also, please take the time to understand the potential impacts of enabling a third-party firewall. If errors exist in your configuration, you may unintentionally increase the risk of a breach of your data. Or, you may inadvertently lock yourself out of your environment and need the help of our support agents to get your server back online. As always, please take care to store your credentials in case problems arise.
mac OS X Firewall
Apple also includes a serviceable firewall with OSX. Information on its capabilities and how to enable it can be found at OS X: About the application firewall.
Customized and Hybrid Deployments
We understand that many customers have unique security requirements and may wish to host their own firewalls in our data centers. Our engineering team has detailed experience with many other security appliances and can assist your team in implementing your best possible network security configuration.
Firewall add-ons like these are accessible within your customer dashboard under the Add-Ons tab within the details of your subscription(s).
Please contact Sales for more information and to confirm if your needs can be supported.