FPT Cloud Native Firewall v1.1.0
I. Highlights
FPT Smart Cloud introduces NGFW v1.1.0 as part of the FPT Security Platform (FSP), delivering a comprehensive upgrade to Firewall management and adding Intrusion Detection & Prevention (IDS/IPS) capabilities.
Key highlights of this release:
- Firewall-centric Management — shifts the management view from VPCs to Firewalls, with High Availability support (Standalone / Active-Standby) and multi-VPC integration per Firewall.
- Dedicated Rule Management menu — separates rule management into an independent menu with two tabs: Network Access and IDS/IPS Rule.
- IDS/IPS Rule Management (new) — enable/disable IDS/IPS per Firewall, import Suricata-format rule files, and manage rule files.
- IDS/IPS Events logs — new tab for viewing and analyzing security events detected by IDS/IPS.
II. New Features & Improvements
1. Firewall Management — Firewall-centric View (Improvement)
a. Description
Redesigns the Firewall Management screen from a VPC list view to a Firewall list view, enabling centralized and intuitive management.
b. Features
- Firewall list with new columns: Cloud Native Firewall, VPCs, Protected Subnets, Package, HA Mode
- High Availability Mode support: Standalone (1 node) and Active-Standby (2 nodes, automatic failover)
- Firewall status flow: Creating / Failed / Integrated / Protected
- Integrate additional VPCs into an existing Firewall via the +N VPCs available chip
- Retry Firewall creation on failure; Delete Firewalls in Failed state
- Warning popup when creating a Firewall on a network that already has one
- Syncing VPCs & subnets banner with auto-polling during infrastructure sync
- Search by Firewall name or VPC name
2. Subnet Protection (Associate / Dissociate) (Improvement)
b. Features
- Subnet management via a dedicated screen (accessed from the Firewall ⋮ menu)
- Added VPC column and filter by VPC — supports Firewalls with multiple integrated VPCs
- Subnet selection via radio button; filter by Status (Not Protected / Protected)
- Track Last Action State: In Progress / Associated / Dissociated / Failed
- Auto-polling every 15 seconds when an action is in progress; locks the subnet during In Progress
- Display Floating IP and CIDR; manual Refresh button
3. Rule Management — Dedicated Menu (Improvement)
a. Description
Separates Network Access Rule management into a standalone Rule Management menu with two tabs: Network Access and IDS/IPS Rule.
b. Features
- Access rules from a dedicated menu instead of clicking a Firewall name
- Select the target Firewall from a dropdown
- Network Access Rule: add/edit/delete rules (Inbound / Outbound / East-West), NAT support (SNAT/DNAT), Priority ordering, deny-by-default enforcement
- Filter by Traffic Action, Direction, Status; search by rule name / source / destination / service / tag (AND logic)
- Maximum 100 rules per Firewall policy; Apply Policy to activate changes
4. IDS/IPS Rule Management (New)
a. Description
Adds Intrusion Detection & Prevention capabilities through import and management of Suricata-format rule files per Firewall.
b. Features
- Enable / Disable IDS/IPS per Firewall (requires at least 1 associated subnet)
- Import Rule File in Suricata format (.rules), max 5 MB / 10,000 rules
- Automatic file validation: encoding, syntax, file size, duplicate SIDs, duplicate file names
- Rule file list management: File Name, Size, number of Rules, Uploaded At
- Download and Delete rule files
- Default FPT-managed rule file: fpt-managed.rules
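A local pre-flight check for a .rules file before import, covering the limits and validation categories listed above (file size, rule count, encoding, syntax, duplicate SIDs). This is an added example, not FPT's validator: the function name `preflight`, the UTF-8 expectation, the one-rule-per-line assumption and the simplified rule-header pattern are all assumptions, and the sample rules are constructed.

```python
import re

MAX_BYTES = 5 * 1024 * 1024   # from the release notes: max 5 MB per rule file
MAX_RULES = 10_000            # from the release notes: max 10,000 rules per file
# Assumed simplified shape: action proto src sport direction dst dport (options)
RULE_RE = re.compile(r'^(alert|pass|drop|reject\w*)\s+\S+\s+\S+\s+\S+\s+(->|<>)'
                     r'\s+\S+\s+\S+\s+\((.*)\)\s*$')
SID_RE = re.compile(r'(?:^|(?<!\\);)\s*sid\s*:\s*(\d+)\s*;')


def preflight(data: bytes) -> list[str]:
    """Return the problems found in a .rules file body (empty list = clean)."""
    problems = []
    if len(data) > MAX_BYTES:
        problems.append(f"file size {len(data)} bytes exceeds {MAX_BYTES}")
    try:
        text = data.decode("utf-8")           # assumption: UTF-8 is expected
    except UnicodeDecodeError as exc:
        return problems + [f"encoding: not valid UTF-8 at byte {exc.start}"]
    seen = {}                                  # sid -> line where first defined
    count = 0
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):   # blank or commented-out rule
            continue
        count += 1
        m = RULE_RE.match(line)
        if not m:
            problems.append(f"line {lineno}: syntax: not a well-formed rule")
            continue
        sid = SID_RE.search(m.group(3))
        if not sid:
            problems.append(f"line {lineno}: syntax: missing sid")
        elif sid.group(1) in seen:
            problems.append(f"line {lineno}: duplicate sid {sid.group(1)} (first on line {seen[sid.group(1)]})")
        else:
            seen[sid.group(1)] = lineno
    if count > MAX_RULES:
        problems.append(f"{count} rules exceeds {MAX_RULES}")
    return problems


# Constructed sample: line 4 reuses a SID, line 5 lacks the direction operator.
SAMPLE = b"""# constructed sample rules
alert tcp any any -> $HOME_NET 22 (msg:"SSH inbound"; flow:to_server; sid:1000001; rev:1;)
alert http any any -> any any (msg:"Test UA"; http.user_agent; content:"test"; sid:1000002; rev:1;)
drop udp any any -> any 53 (msg:"Dup SID"; sid:1000001; rev:2;)
alert tcp any any any 80 (msg:"no direction"; sid:1000003;)
"""
```

Duplicate SIDs are only checked within one file here; checking against the SIDs in other uploaded files would need those files as additional input.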
5. Dashboard (No change)
b. Features
- Top Traffic Sources / Top Traffic Destinations (filter Allow/Deny)
- Total Packets over time (Allow/Deny)
- Top Hit Rules, Network Throughput (Inbound/Outbound/Internal)
- Active Connections, CPU & Memory usage
- Filter by Firewall and Time Range
6. Logs & Monitoring (Improvement)
a. Description
Adds the IDS/IPS Events tab alongside the existing Network Access tab for viewing and analyzing security events detected by IDS/IPS.
b. Features
- Network Access tab: view and search traffic logs passing through the Firewall
- IDS/IPS Events tab (new): view and search Suricata-format security events; only available when IDS/IPS is enabled on the selected Firewall
- Log stream with lazy loading (100 logs per load), keyword highlighting on search
- Filter by Firewall and Time Range; Sync to fetch the latest logs
III. Upgrade Notes
- Navigation change: Network Access Rules are no longer accessed from the Firewall Management screen — use the Rule Management → Network Access tab instead.
- IDS/IPS prerequisite: the Firewall must have at least 1 associated subnet before IDS/IPS can be enabled.
- See User Guide v1.1.0 for detailed step-by-step instructions.