Firewall-as-a-Service (FWaaS)


Firewall-as-a-Service (FWaaS) represents an innovative approach to providing firewall and other network security functionalities through a cloud-based service. This model overcomes the limitations and intricacies associated with traditional physical and virtual firewalls, ensuring that network security is uniformly accessible across all locations.


Comprehensive Traffic Analysis Without Any Blind Spots

Manageable Scaling of Firewall Rule Sets

Complete Logging and Monitoring for In-depth Analysis and Reporting

Infinite Processing and Inspection

Microsegmentation, Access Control, and Zero Trust

Deep Packet Inspection (DPI)

Comprehensive Traffic Analysis Without Any Blind Spots

Helios inspects network traffic from all sources to all destinations across the internet (north-south) and the WAN (east-west). This encompasses traffic across all ports and protocols, extending beyond just HTTP/S traffic. Helios enables organizations to decommission both branch and datacenter firewall appliances, replacing them with Helios FWaaS. The elimination of firewalls is feasible because Helios can provide all the functionalities of traditional firewalls within a network (not proxy) architecture from the cloud, supporting multi-gigabit throughput. By adopting Helios FWaaS, enterprises can eliminate configuration gaps, blind spots, and significantly reduce the risk of data breaches.

Vulnerability Detection

Manageable Scaling of Firewall Rule Sets

Helios FWaaS processes rules based on their order in the ruleset, halting at the first match. To prevent the ruleset from being overwhelmed with numerous rules, each rule can be configured with specific exceptions. Helios allows administrators to group rules into sections for enhanced readability and efficient review by third-party auditors.

Helios offers a comprehensive set of objects (user identity, organization unit, device, host, application, protocol, location, network, VLAN, and many more) that can be utilized in the rules, along with the capability to manage them in logical groups that can combine multiple object types.


Complete Logging and Monitoring for In-depth Analysis and Reporting

All rules and actions in the Helios FWaaS can be configured to record an event and store it on the Helios SASE Cloud Platform for a specified retention period.

Email notifications can be set up to alert on selected events that occur within a defined period and at a specified urgency level.

Event monitoring and analysis are accessible through dedicated dashboards and the event monitoring interface, which offers user-friendly searching and filtering options.

An audit trail captures all administrative activities for tracking, monitoring, and auditing purposes.


Infinite Processing and Inspection Capacity to Meet Every Requirement

Helios FWaaS is a cloud service that leverages a cloud-native software architecture. Its features and capabilities are not constrained by the underlying hardware, and autonomous and elastic scaling and self-healing ensure high performance and service resilience.

Helios allows administrators to activate all features, including TLS inspection, and use any type and number of objects, groups, and rules without concerns about performance or availability.

Helios’s cloud-native software architecture eliminates worries about increased latency due to CPU load, packet drops, or device failure. Similarly, the risk of mid-term appliance replacement due to insufficient compute power is avoided.


Microsegmentation, Access Control, and Zero Trust for Minimizing Risks

Microsegmentation can be easily configured to restrict access to sensitive resources. Policies can be set based on groups, networks, VLANs, and individual objects such as hosts and users to govern granular access that meets business requirements. For zero trust, Helios allows administrators to set identity-to-identity, identity-to-app, and app-to-app access policies that factor in not only the identity of a user, but also their geo-location, method of connectivity, security posture, and more.


Deep Packet Inspection (DPI)-Based Application and User Awareness

Helios FWaaS includes built-in awareness of thousands of applications across all ports and protocols, along with the ability to define custom applications. A DPI engine identifies the application or service as early as the first packet, without the need to decrypt the payload.

Helios allows for policy configuration and enforcement that considers the identity of the users and the organization units they belong to. By synchronizing with the user directory and using the identity agent in the Helios Client, a user identity is associated with every network flow.

Vulnerability Detection

Learn how Helios can help your organization