It’s more a matter of understanding how they work. Think of an SDN firewall as simply a rule in the network: traffic that doesn’t match, or is explicitly blocked, is just dropped by the network itself. But, for example, AWS security groups are default deny with allow rules only, so the drawback would be if you wanted to block a specific IP address range or write FQDN-based rules: security groups can’t do either. Instead you would have to use either a different service from AWS (their new Firewall) or a virtual appliance.
Original Message:
Sent: 1/7/2021 1:16:00 PM
From: Jenna Morrison
Subject: Issues with SDN firewalls?
Hello,
In the Security Guidance V4, I see that there are many benefits to SDN firewalls as opposed to hardware-based firewalls. However, I was wondering if there are any issues with SDN firewalls in general?
Thanks :)
#SDN-firewalls
------------------------------
Jenna Morrison
Training Department Intern
Cloud Security Alliance
------------------------------
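
The drawback described in the reply above, as an added example that is not part of the original thread: a Python model (not AWS code) of allow-only, default-deny matching, where leaving out one range means allowing everything around it. The function names and the 203.0.113.0/24 documentation range are assumptions made for illustration.

```python
import ipaddress


def allow_all_except(wide, blocked):
    """Return the allow rules (CIDRs) equal to 'wide minus blocked'.

    An allow-only rule set has no deny action, so the blocked range can only
    be left out by allowing everything around it.
    """
    wide_net = ipaddress.ip_network(wide)
    blocked_net = ipaddress.ip_network(blocked)
    if wide_net.subnet_of(blocked_net):      # the whole range is blocked
        return []
    if not blocked_net.subnet_of(wide_net):  # ranges are disjoint
        return [wide_net]
    return sorted(wide_net.address_exclude(blocked_net))


def is_allowed(source_ip, allow_rules):
    """Default deny: traffic passes only if some allow rule matches it."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in allow_rules)


if __name__ == "__main__":
    # Constructed sample: allow the internet except one documentation range.
    rules = allow_all_except("0.0.0.0/0", "203.0.113.0/24")
    print(len(rules), "allow rules needed to leave out one /24:")
    for net in rules:
        print("  allow", net)
    for ip in ("203.0.113.7", "203.0.114.1", "198.51.100.1"):
        print(ip, "->", "allowed" if is_allowed(ip, rules) else "dropped")
```

Every further range to leave out splits the allow list again, which is why an explicit deny rule in a separate firewall service or virtual appliance is the practical route.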