FPT Cloud Native Firewall v1.1.0

I. Highlights

FPT Smart Cloud introduces NGFW v1.1.0 as part of the FPT Security Platform (FSP), delivering a comprehensive upgrade to Firewall management and adding Intrusion Detection & Prevention (IDS/IPS) capabilities.

Key highlights of this release:

  • Firewall-centric Management — shifts the management view from VPCs to Firewalls, with High Availability support (Standalone / Active-Standby) and multi-VPC integration per Firewall.
  • Dedicated Rule Management menu — separates rule management into an independent menu with two tabs: Network Access and IDS/IPS Rule.
  • IDS/IPS Rule Management (new) — enable/disable IDS/IPS per Firewall, import Suricata-format rule files, and manage rule files.
  • IDS/IPS Events logs — new tab for viewing and analyzing security events detected by IDS/IPS.

II. New Features & Improvements

1. Firewall Management — Firewall-centric View (Improvement)

a. Description

Redesigns the Firewall Management screen from a VPC list view to a Firewall list view, enabling centralized and intuitive management.

b. Features

  • Firewall list with new columns: Cloud Native Firewall, VPCs, Protected Subnets, Package, HA Mode
  • High Availability Mode support: Standalone (1 node) and Active-Standby (2 nodes, automatic failover)
  • Firewall status flow: Creating / Failed / Integrated / Protected
  • Integrate additional VPCs into an existing Firewall via the +N VPCs available chip
  • Retry Firewall creation on failure; Delete Firewalls in Failed state
  • Warning popup when creating a Firewall on a network that already has one
  • Syncing VPCs & subnets banner with auto-polling during infrastructure sync
  • Search by Firewall name or VPC name

2. Subnet Protection (Associate / Dissociate) (Improvement)

b. Features

  • Subnet management via a dedicated screen (accessed from the Firewall ⋮ menu)
  • Added VPC column and filter by VPC — supports Firewalls with multiple integrated VPCs
  • Subnet selection via radio button; filter by Status (Not Protected / Protected)
  • Track Last Action State: In Progress / Associated / Dissociated / Failed
  • Auto-polling every 15 seconds when an action is in progress; locks the subnet during In Progress
  • Display Floating IP and CIDR; manual Refresh button

3. Rule Management — Dedicated Menu (Improvement)

a. Description

Separates Network Access Rule management into a standalone Rule Management menu with two tabs: Network Access and IDS/IPS Rule.

b. Features

  • Access rules from a dedicated menu instead of clicking a Firewall name
  • Select the target Firewall from a dropdown
  • Network Access Rule: add/edit/delete rules (Inbound / Outbound / East-West), NAT support (SNAT/DNAT), Priority ordering, deny-by-default enforcement
  • Filter by Traffic Action, Direction, Status; search by rule name / source / destination / service / tag (AND logic)
  • Maximum 100 rules per Firewall policy; Apply Policy to activate changes

4. IDS/IPS Rule Management (New)

a. Description

Adds Intrusion Detection & Prevention capabilities through import and management of Suricata-format rule files per Firewall.

b. Features

  • Enable / Disable IDS/IPS per Firewall (requires at least 1 associated subnet)
  • Import Rule File in Suricata format (.rules), max 5 MB / 10,000 rules
  • Automatic file validation: encoding, syntax, file size, duplicate SIDs, duplicate file names
  • Rule file list management: File Name, Size, number of Rules, Uploaded At
  • Download and Delete rule files
  • Default FPT-managed rule file: fpt-managed.rules
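
A local pre-upload check modeled on the validation list above, as an added example that is not FPT's validator or code from these release notes. It assumes UTF-8 encoding, reads 5 MB as 5 × 1024 × 1024 bytes, expects one rule per line, and performs only a shallow syntax check (action, direction, closed option list, sid); the validate_rules name and the sample rules are constructed for illustration.

```python
import re

MAX_BYTES = 5 * 1024 * 1024   # assumption: "5 MB" read as 5 MiB
MAX_RULES = 10_000            # rule-count limit stated in the release notes
ACTIONS = {"alert", "pass", "drop", "reject", "rejectsrc", "rejectdst", "rejectboth"}
SID_RE = re.compile(r"(?:^|;)\s*sid\s*:\s*(\d+)\s*;")

# Constructed sample: a duplicate SID on line 3, a missing direction on line 4.
SAMPLE = b"""# constructed sample rules
alert tcp any any -> any 80 (msg:"constructed A"; sid:1000001; rev:1;)
alert tcp any any -> any 443 (msg:"constructed B"; sid:1000001; rev:1;)
alert udp any any any 53 (msg:"no direction"; sid:1000002; rev:1;)
"""

def validate_rules(data: bytes) -> list[str]:
    """Return a list of problems; an empty list means the file passed."""
    problems = []
    if len(data) > MAX_BYTES:
        problems.append(f"file is {len(data)} bytes, limit is {MAX_BYTES}")
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError as exc:
        return problems + [f"not valid UTF-8 at byte {exc.start}"]
    seen, count = {}, 0          # seen maps sid -> first line number
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue             # blank lines and comments are not rules
        count += 1
        head, _, opts = line.partition("(")
        tokens = head.split()
        if not tokens or tokens[0] not in ACTIONS:
            problems.append(f"line {lineno}: unknown or missing action")
        elif (not {"->", "<>"} & set(tokens) or not opts.endswith(")")
              or not opts[:-1].rstrip().endswith(";")):
            problems.append(f"line {lineno}: malformed header or option list")
        else:
            m = SID_RE.search(opts)
            if not m:
                problems.append(f"line {lineno}: missing sid")
            elif int(m.group(1)) in seen:
                first = seen[int(m.group(1))]
                problems.append(f"line {lineno}: duplicate sid {m.group(1)} (first on line {first})")
            else:
                seen[int(m.group(1))] = lineno
    if count > MAX_RULES:
        problems.append(f"{count} rules, limit is {MAX_RULES}")
    return problems

if __name__ == "__main__":
    print("\n".join(validate_rules(SAMPLE)) or "OK")
```

A clean result here does not guarantee the import will succeed; the platform's own validation remains authoritative.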

5. Dashboard (No change)

b. Features

  • Top Traffic Sources / Top Traffic Destinations (filter Allow/Deny)
  • Total Packets over time (Allow/Deny)
  • Top Hit Rules, Network Throughput (Inbound/Outbound/Internal)
  • Active Connections, CPU & Memory usage
  • Filter by Firewall and Time Range

6. Logs & Monitoring (Improvement)

a. Description

Adds the IDS/IPS Events tab alongside the existing Network Access tab for viewing and analyzing security events detected by IDS/IPS.

b. Features

  • Network Access tab: view and search traffic logs passing through the Firewall
  • IDS/IPS Events tab (new): view and search Suricata-format security events; only available when IDS/IPS is enabled on the selected Firewall
  • Log stream with lazy loading (100 logs per load), keyword highlighting on search
  • Filter by Firewall and Time Range; Sync to fetch the latest logs

III. Upgrade Notes

  • Navigation change: Network Access Rules are no longer accessed from the Firewall Management screen — use the Rule Management → Network Access tab instead.
  • IDS/IPS prerequisite: the Firewall must have at least 1 associated subnet before IDS/IPS can be enabled.
  • See User Guide v1.1.0 for detailed step-by-step instructions.