Hillstone CloudEdge Virtual Next-Generation Firewall

Key features

  • Network Functions Virtualisation
  • Dynamic routing (OSPF, BGP, RIPv2)
  • Static and policy routing
  • Route controlled by application
  • Built-in DHCP, NTP, DNS server and DNS proxy
  • Tap mode—connect to SPAN port
  • Interface modes: sniffer, port aggregated, loopback, VLANS (802.1Q and trunking)
  • L2/L3 switching & routing
  • Easy orchestration and automation
  • ISP and carrier ready


Product Description

Hillstone CloudEdge provides advanced security services across Layer 2-7, in addition to core firewall features to public and private cloud users. It can be deployed via Cloud Management Platforms (CMPs) as a “Firewall as a Service” for a multi-tenant solution in the virtual environment. CloudEdge shares a base technology as the “NSS Labs Recommended” Hillstone Next Generation Firewall NGFW and provides the same robust set of security features offered for physical environments. Security administrators can rapidly provision and deploy CloudEdge at scale, and instantly start protecting virtual deployments. CloudEdge identifies and prevents potential threats associated with high-risk applications while providing policy-based control over applications, users, and user groups. Policies can be defined that guarantee bandwidth to mission-critical applications while restricting or blocking inappropriate or malicious applications. Policy based routing and bandwidth management can also be created for users/groups based on time of day and application attributes.

CloudEdge provides independent management as well as remote security access for each tenant, in multi-tenanted virtual and cloud environments. CloudEdge supports major hypervisor technologies including KVM, Xen, Hyper-V, VMware ESXi etc. It is also tightly integrated with and supports CMPs such as Amazon Web Service (AWS), Microsoft Azure, AliCloud, Openstack and VMware vCenter.


Leverages Hillstone NGFW Technology

CloudEdge delivers the same robust features and benefits of the Hillstone NGFW into virtualized and cloud deployments. It can provide comprehensive security features including granular application identification and control, intrusion prevention, anti-virus, attack defense, etc.

Enables Access Control for VPCs

Virtual Private Clouds provide logical security perimeters to protect virtual data centers. CloudEdge is deployed at the VPC entry to provide independent management, control and protection for each tenant.

Secures Data Transmission via VPN

The CloudEdge VPN feature protects data transmission between VPCs, VPCs to their associated enterprise networks or VPCs on different cloud platforms.

Easily Deployed and Managed

CloudEdge can be easily changed or instantiated from templates to address the highly dynamic change operations of virtual machines and virtual environments. Fully integrated with CMPs, administrators can launch, stop and configure firewall policies from the CMP itself; administrators can also configure CloudEdge directly via SecureShell (SSH).

Provides Multi-tenant Support

Tenant-specific configurations and security policies are supported for maximum control and protection.