Firewall & Endpoint Security
Octos Cloud provides a comprehensive suite of security appliances and endpoint agents to safeguard your network and compute workloads. These offerings—spanning Site-to-Site VPN, Web Application Firewalls (WAF), and Extended Detection and Response (XDR/EDR)—are designed to ensure network isolation, secure communication, web application filtering, and real-time threat detection.
All traffic is managed within our high-performance software-defined networking plane, enabling secure hybrid cloud architectures and complete regulatory compliance.
Site-to-Site VPN Firewall
Establish secure, encrypted IPSec or SSL VPN tunnels to connect your on-premises data centers, corporate networks, or branch offices directly to your isolated Virtual Private Cloud (VPC) on Octos.
Supported VPN platforms
- pfSense: An open-source security platform providing flexible and cost-effective firewalling, routing, and VPN termination (supporting IPsec, OpenVPN, and WireGuard).
- Fortinet FortiGate: Next-generation firewall (NGFW) with dedicated hardware-accelerated IPSec encryption to minimize latency and maximize throughput for enterprise VPCs.
- Sophos UTM / XG: Unified threat management features with synchronized endpoint security and remote office connectivity via Sophos RED.
VPN technical specifications
| Capability / Feature | pfSense Community Edition | Fortinet FortiGate | Sophos UTM / XG |
|---|---|---|---|
| Max VPN Throughput | Up to 1.5 Gbps (vCPU bound) | Up to 10 Gbps (ASIC bound) | Up to 5 Gbps (vCPU bound) |
| VPN Protocols | IPsec, OpenVPN, WireGuard | IPsec, SSL VPN | IPsec, SSL VPN, Sophos RED |
| Threat Protection | Community-driven IDS/IPS | FortiGuard AI IDS/IPS, AV | Sophos Guard IDS/IPS, Sandstorm |
| Licensing | Open Source (No fee) | Proprietary (Subscription-based) | Proprietary (Subscription-based) |
| Best For | Cost-effective hybrid setups | High-throughput enterprise VPCs | Unified endpoint & branch offices |
Web Application Firewall (WAF)
Protect your public-facing web applications and APIs from advanced application-layer exploits. Our WAF gateways inspect incoming HTTP/HTTPS traffic to block malicious bot behavior, prevent SQL injection, and mitigate OWASP Top 10 vulnerabilities.
Supported WAF platforms
- Fortinet FortiWeb: Employs dual-layer machine learning models to detect application threat anomalies and import OpenAPI schemas for API compliance enforcement.
- Sophos WAF: Provides reverse proxy routing, secure SSL/TLS offloading at the gateway, and session cookie hardening to block cookie tampering.
WAF technical capabilities
| Capability / Feature | Fortinet FortiWeb | Sophos WAF |
|---|---|---|
| Throughput Capacity | Up to 5 Gbps per instance | Up to 2 Gbps per instance |
| OWASP Top 10 Protection | Full mitigation (signatures + ML) | Standard signature-based protection |
| API Security | Swagger/OpenAPI validation, JSON/XML | URL-based routing and validation |
| Bot Mitigation | Advanced bot behavior analysis | IP reputation, user-agent blocking |
| SSL Offloading | Hardware-accelerated decryption | Software-based decryption |
| Target Use Cases | Complex e-commerce, high-traffic APIs | Web portals, enterprise intranets |
Anti-virus XDR/EDR (Sophos)
Safeguard your virtual machine instances from malware, ransomware, and active adversary attacks using Sophos Intercept X with Extended Detection and Response (XDR).
Endpoint protection capabilities
- CryptoGuard Ransomware Defense: Detects unauthorized file encryption processes, terminates the attack, and rolls back files to their original state.
- Anti-Exploit Hardening: Hardens system memory spaces to block exploit techniques targeting unpatched software vulnerabilities.
- Threat Hunting: Query running processes and connections via SQL-like syntax to identify and quarantine threats before they spread.
Supported operating systems
| Operating System Family | Supported Versions | Agent Requirements |
|---|---|---|
| Linux (Enterprise) | RHEL 8+, Rocky Linux 8+, AlmaLinux 8+ | 64-bit Kernel, glibc 2.17+ |
| Linux (Debian-based) | Ubuntu Server 20.04 LTS, 22.04 LTS, 24.04 LTS | 64-bit Kernel, systemd |
| Windows Server | Windows Server 2016, 2019, 2022 | .NET Framework 4.7.2+ |