Overview
The Cloaking Firewall is a hardened repackaged version (wherein subscription costs / additional charges apply) of the popular OPNSense firewall embedded with innovative technology that removes the ability of cyber attackers to find your network and hack it. The technology allows your network to disappear from internet wide scanning, which is an essential process that malicious actors use to identify new targets.
This firewall presents an innovative and more cost-effective cybersecurity solution, as it eliminates the potential for an attack on your network in the first place, thereby avoiding the ever-increasing costs of a cyber breach. The technology is also incorporated with a firewall, which means the cost as well as the training and implementation gaps are low during adoption.
With this network appliance, you can disappear from internet-wide scanning services such as Shodan, Censys.io, and BinaryEdge that malicious actors regularly use to find new targets with Internet 2.0 software. Appliance includes an embedded Suricata Threat Engine to match incoming traffic against the latest threat signatures, which allows defense-in-depth. Additionally, the hardened PFSense/OPNSense Firewall, supported by the secure BSD operating system, provides a shielded foundation.
Highlights
- Cloaking technology to disappear from all internet based scanners
- Hardened OPNSense based firewall that greatly improves on already legendary security
- Machine learning and malcore analysis to process threats at the edge and deliver insights and alerts before any other security technology
Details
Pricing
Free trial
Instance type | Product cost/hour | EC2 cost/hour | Total/hour |
---|---|---|---|
t3.micro AWS Free Tier | $1.00 | $0.01 | $1.01 |
t3.small | $1.00 | $0.021 | $1.021 |
t3.medium | $1.00 | $0.042 | $1.042 |
t3.large | $1.00 | $0.083 | $1.083 |
m4.xlarge | $1.00 | $0.20 | $1.20 |
m5.large | $1.00 | $0.096 | $1.096 |
m5a.xlarge | $1.00 | $0.172 | $1.172 |
c5.xlarge | $1.00 | $0.17 | $1.17 |
c6a.8xlarge | $1.00 | $1.224 | $2.224 |
c6a.16xlarge | $1.00 | $2.448 | $3.448 |
Vendor refund policy
Contact support@internet2-0.com for any issues during deployment. Long term support contract information can also be requested.
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
Cloaking Firewall AMI Deployment Topology
"This CloudFormation template sets up a comprehensive network topology for deploying a cloaking firewall AMI within an AWS VPC. The deployment includes:
A Virtual Private Cloud (VPC) configured with both public and private subnets. Security groups designed for remote access, private security, public security, and base security, ensuring stringent access control and network isolation. An EC2 instance in the public subnet associated with an Elastic IP for external connectivity. Route tables and internet gateways to manage traffic routing between the internet and internal resources securely. Detailed configuration of network interfaces and routing policies to facilitate seamless integration and high availability of the deployed firewall. This setup is ideal for organizations seeking robust security measures and automated deployment capabilities, ensuring quick and consistent provisioning of firewall resources within the AWS cloud environment."
CloudFormation Template (CFT)
AWS CloudFormation templates are JSON or YAML-formatted text files that simplify provisioning and management on AWS. The templates describe the service or application architecture you want to deploy, and AWS CloudFormation uses those templates to provision and configure the required services (such as Amazon EC2 instances or Amazon RDS DB instances). The deployed application and associated resources are called a "stack."
Version release notes
Latest Release
Additional details
Usage instructions
Usage Instructions: NOTE: Due to security scanning on the instance, it can take up to 2 minutes after Status Checks have passed for the WebGUI and SSH login to be available for the machine.
SSH Access:
SSH is enabled and can be accessed only via key authentication, use port 22. Password logins are available for the ec2 console and WebGUI ( use https port 2000). ex: https://123.123.123.123:2000
User Accounts
There are two user accounts:
- "root" (initially disabled)
- "ec2-cfw"
Password Format
The passwords for the accounts follow a specific format that includes the instance ID. If ever conducting a factory reset the passwords for both accounts will be reset to the original passwords as below. Please, if ever changing passwords which is recommended make a copy of the new passwords to avoid being locked out.
-
"root":
-
Password format: -=&%!INSTANCEID!%&=-
-
"ec2-cfw":
-
Password format:
-=***INSTANCEID***=-
-
Example for "ec2-cfw":
-=***i-0de16bd57d390efaf***=-
Interface Setup
To correctly set up interfaces, the "root" account will need to be enabled. Access the ec2 console to assign the interfaces appropriately. Without this step, the LAN interface might be misidentified as Optional 1 (OPT1), which can cause issues with rule configurations. Note: While the "root" account is initially disabled, users have the option to enable it if needed (such as above). This can help in setting up interfaces correctly but should be done cautiously to avoid reducing security. Please disable root account after completing given tasks.
VPN and Security Groups
There are 2 VPN services available one for half split tunnel and one for full tunnel. For best practices with remote administration please make use one of the VPNs. Once VPN is operable, please disable direct access to the firewall via the WAN and disable the rule TCP 2000 in the security group. Also, please do same for the SSH.
Support
Vendor support
Please allow 24 hours Contact support@internet2-0.com for any issues during deployment.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.