Next-Generation Firewall to Secure AWS Environment and Data in Transit

A Closed Joint Stock Company based out of KSA, which has been ranked among top 100 companies in the Kingdom. It is the most distinguished industrial companies in Saudi Arabia which also has number of Manufacturing Units across the Middle East. The history of the Company goes back up to 5 decades and is a member of Sheikh Sulaiman bin Abdul Aziz Rajhi endowments group.

Citrus Consulting Services Implements Next-Generation Firewall to Secure their AWS Environment and Data in Transit between AWS and other Sites for Joint Stock Company.

The Palo Alto Networks VM-Series firewall is the virtualized form of the Palo Alto Networks next-generation firewall. It is positioned for use in a virtualized or cloud environment where it can protect and secure east-west and north-south traffic.

It allows you to meet all your demands with automatable, scalable and easy-to-deploy virtual firewalls ideal for environments where deploying hardware firewalls is difficult or impossible. VM-Series virtual firewalls provide all the capabilities of the Palo Alto Networks next-generation hardware firewall in a virtual machine form factor, so you can secure the environments that are vital for your competitiveness and innovation.

• Enable secure and encrypted communication between AWS and Customer on-premises.
• Enable security policies and Security Controls as per best Practices.
• Enable automatic threat updates and threat profiles.
• Enable authorized users to connect to the network from remote locations.

• Palo Alto VM series has been deployed in the AWS environment.
• Various Site to Site tunnels have been established in order to allow AWS resources and on-prem resources located at multiple sites to communicate with each other securely. Each Site has two tunnels – Active and Passive. Dynamic Routing with help of BGP and tunnel failover using Path Monitoring has been configured to avoid any downtime or business impact.
• Various Policies have been defined to restrict the communication among the sites based on ports, applications etc. This makes sure that communication happens between required applications and corresponding required ports.
• Security Profiles have been created to avoid/detect/prevent Cyber Attacks. Under the profile, we have defined Anti-Virus, Anti-Spyware, Vulnerability Protection, URL Filtering, Wildfire Analysis, DoS Protection. These Profiles have been attached to Security Policy as per best practices and Customer’s environment.
• Global Protect Point to Point VPN has been setup for clients to connect to the network remotely and access the resources as required.

• Firewall providing secure Communication between cloud and on-prem using standard encryption algorithm.
• End to End Implementation of cloud hosted firewall with in-house security experts adhering best practices and industry standards.
• High Availability for firewall with dynamic routing and failover tunnels to have least business impact and zero downtime.
• 24/7 threat monitoring and analysis.
• Review of each security policy and configuration to ensure it meets the pen-test standards.
• Ensuring 100% business continuity for the renowned bank through 24/7 Managed Support Services by Citrus Consulting Services.