About Us
Highlights FPT Cloud Server FPT AI Factory FPT Network FPT Cloud Backup & DR FPT Storage FPT Security FPT Container FPT Database FPT Cloud Monitoring FPT Data Suite FPT.AI

Show all

Object Storage

Secure, unlimited storage to ensures efficiency as well as high and continuous data access demand.

GPU Server

Virtual server integration for 3D Rendering, AI or ML

FPT Load Balancing

Enhance application capacity and availability.

FPT AI Factory

Access to an all-inclusive stack for AI development, driven by NVIDIA’s powerful technology!

Cloud WAF

FPT Web Application Firewall provides powerful protection for web applications

Cloud Server

Advanced virtual server with rapid scalability

Backup Service

Backup and restore data instantly, securely and maintain data integrity.

Cloud Server

Advanced virtual server with rapid scalability

FPT AI Factory

Access to an all-inclusive stack for AI development, driven by NVIDIA’s powerful technology!

FPT Load Balancing

Enhance application capacity and availability.

Backup Service

Backup and restore data instantly, securely and maintain data integrity.

Disaster Recovery Service

Recovery, ensuring quick operation for the business after all incidents and disasters.

Block Storage

Diverse throughput and capacity to meet various business workloads.

Object Storage

Secure, unlimited storage to ensures efficiency as well as high and continuous data access demand.

Cloud WAF

FPT Web Application Firewall provides powerful protection for web applications

FPT Cloud WAPPLES

Intelligent and Comprehensive Virtual Web Application Firewall - Security Collaboration between FPT Cloud and Penta Security.

Next-Gen Firewall

The Next generation firewall security service

Container Registry

Easily store, manage, deploy, and secure Container images

Kubernetes Engine

Safe, secure, stable, high-performance Kubernetes platform

FPT Database for MongoDB

Provided as a service to deploy, monitor, backup, restore, and scale MongoDB databases on cloud.

FPT Database for Redis

Provided as a service to deploy, monitor, backup, restore, and scale Redis databases on cloud.

PostgreSQL Database Engine

Provided as a service to deploy, monitor, backup, restore, and scale PostgreSQL databases on cloud.

Monitoring

System Monitoring Solution anywhere, anytime, anyplatform

FPT Data Suite

Helps reduce operational costs by up to 40% compared to traditional BI solutions, while improving efficiency through optimized resource usage and infrastructure scaling.
Pricing
Partner
- Tech news
- White Paper
Event

Service

Cloud Server

FPT AI Factory

FPT Load Balancing

Monitoring

FPT Data Suite

Cloud Insights

ENG

Tiếng Việt English 中文 (中国) 日本語

All documents

Dedicated – FPT Kubernetes Engine

FPT Monitoring

Incident Management

Billing

AI Factory Billing

Billing

AI Marketplace

AI Inference

AI Studio

FPT AI Inference

AI Inference

AI Infrastructure

FPT Security

FPT Cloud Server

FPT DevSecOps Services

FPT Integration

FPT Database Engine

Managed – FPT Database Engine

FPT Cloud Backup & DR

FPT Storage

FPT Network

FPT Container

Advanced Firewall

Updated on 14 Mar 2024

Print: Export: PDF

1. Overview of Kubernetes integrated Firewall

The Kubernetes integrated Firewall product is different from FPT Cloud's basic Kubernetes product by placing an Advanced Firewall located in front of Tenant's Gateway. Advanced Firewall is responsible for protecting and configuring security rules (Allow, Drop) and NAT rules (DNAT, SNAT) for the Kubernetes cluster.

Main components include:

Advanced Firewall (e.g: Checkpoint)
Gateway (Internet Gateway, Firewall L4)
Load Balancer
Kubernetes Cluster: Master Nodes (API, etcd) and Worker Nodes (App and Service)

2. Requirement rules for Kubernetes on Advanced Firewall

The traffic flow to access the Kubernetes Nodes is as follows:

Note:

All inbound and outbound rules for the Kubernetes cluster are configured on the Advanced Firewall.
All NAT rules for the Kubernetes cluster are configured on the Advanced Firewall.
Public IP is set on Advanced Firewall.

Firewall rule planning table on Advanced Firewall for Kubernetes cluster:

NAT rule planning table on Advanced Firewall for Kubernetes cluster:

On the Gateway, there are still Firewall rules and NAT rules to ensure traffic flowing from the Gateway to the Firewall. These default rules are automatically created, and users must create rules for the application (optional) if needed.

3. Initialize a Kubernetes cluster with integrated Firewall

Prerequisites:

CPU, RAM, Storage, and Instance quotas must be sufficient for the desired Cluster configuration.
01 Network subnet: Network used for Kubernetes Nodes. Subnet needs Static IP Pool. This subnet needs to be planned and designed in detail to configure a route to allow connection from the internet to the Firewall through the Gateway to the Kubernetes Nodes.
Firewall IP information: 01 Public IP and 01 Private IP of the Firewall.
Gateway IP information: 01 Private IP to configure the route from Firewall to Gateway.

Initialization steps are as follows:

Step 1: In the FPT Portal menu, select Kubernetes > Create. Enter Cluster's general information.

Step 2: Configure Firewall. Tick Enable Firewall

Step 3: Enter Firewall information, including: Gateway IP, Checkpoint Public and Private IP.

Step 4: Click Create, double-check the information and click Agree to proceed with initialization.

Step 5: Monitor K8s cluster initialization status. After the status turned to Running, proceed to use and deploy the application.

Load Balancer Services

Backup & Restore Cluster

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months
cookielawinfo-checbox-functional	11 months
cookielawinfo-checbox-others	11 months
cookielawinfo-checkbox-necessary	11 months
cookielawinfo-checkbox-performance	11 months
viewed_cookie_policy	11 months