Skip to main content

Firewall & Endpoint Security

Octos Cloud provides a comprehensive suite of security appliances and endpoint agents to safeguard your network and compute workloads. These offerings—spanning Site-to-Site VPN, Web Application Firewalls (WAF), and Extended Detection and Response (XDR/EDR)—are designed to ensure network isolation, secure communication, web application filtering, and real-time threat detection.

All traffic is managed within our high-performance software-defined networking plane, enabling secure hybrid cloud architectures and complete regulatory compliance.


Site-to-Site VPN Firewall

Establish secure, encrypted IPSec or SSL VPN tunnels to connect your on-premises data centers, corporate networks, or branch offices directly to your isolated Virtual Private Cloud (VPC) on Octos.

Supported VPN platforms

  • pfSense: An open-source security platform providing flexible and cost-effective firewalling, routing, and VPN termination (supporting IPsec, OpenVPN, and WireGuard).
  • Fortinet FortiGate: Next-generation firewall (NGFW) with dedicated hardware-accelerated IPSec encryption to minimize latency and maximize throughput for enterprise VPCs.
  • Sophos UTM / XG: Unified threat management features with synchronized endpoint security and remote office connectivity via Sophos RED.

VPN technical specifications

Capability / FeaturepfSense Community EditionFortinet FortiGateSophos UTM / XG
Max VPN ThroughputUp to 1.5 Gbps (vCPU bound)Up to 10 Gbps (ASIC bound)Up to 5 Gbps (vCPU bound)
VPN ProtocolsIPsec, OpenVPN, WireGuardIPsec, SSL VPNIPsec, SSL VPN, Sophos RED
Threat ProtectionCommunity-driven IDS/IPSFortiGuard AI IDS/IPS, AVSophos Guard IDS/IPS, Sandstorm
LicensingOpen Source (No fee)Proprietary (Subscription-based)Proprietary (Subscription-based)
Best ForCost-effective hybrid setupsHigh-throughput enterprise VPCsUnified endpoint & branch offices

Web Application Firewall (WAF)

Protect your public-facing web applications and APIs from advanced application-layer exploits. Our WAF gateways inspect incoming HTTP/HTTPS traffic to block malicious bot behavior, prevent SQL injection, and mitigate OWASP Top 10 vulnerabilities.

Supported WAF platforms

  • Fortinet FortiWeb: Employs dual-layer machine learning models to detect application threat anomalies and import OpenAPI schemas for API compliance enforcement.
  • Sophos WAF: Provides reverse proxy routing, secure SSL/TLS offloading at the gateway, and session cookie hardening to block cookie tampering.

WAF technical capabilities

Capability / FeatureFortinet FortiWebSophos WAF
Throughput CapacityUp to 5 Gbps per instanceUp to 2 Gbps per instance
OWASP Top 10 ProtectionFull mitigation (signatures + ML)Standard signature-based protection
API SecuritySwagger/OpenAPI validation, JSON/XMLURL-based routing and validation
Bot MitigationAdvanced bot behavior analysisIP reputation, user-agent blocking
SSL OffloadingHardware-accelerated decryptionSoftware-based decryption
Target Use CasesComplex e-commerce, high-traffic APIsWeb portals, enterprise intranets

Anti-virus XDR/EDR (Sophos)

Safeguard your virtual machine instances from malware, ransomware, and active adversary attacks using Sophos Intercept X with Extended Detection and Response (XDR).

Endpoint protection capabilities

  • CryptoGuard Ransomware Defense: Detects unauthorized file encryption processes, terminates the attack, and rolls back files to their original state.
  • Anti-Exploit Hardening: Hardens system memory spaces to block exploit techniques targeting unpatched software vulnerabilities.
  • Threat Hunting: Query running processes and connections via SQL-like syntax to identify and quarantine threats before they spread.

Supported operating systems

Operating System FamilySupported VersionsAgent Requirements
Linux (Enterprise)RHEL 8+, Rocky Linux 8+, AlmaLinux 8+64-bit Kernel, glibc 2.17+
Linux (Debian-based)Ubuntu Server 20.04 LTS, 22.04 LTS, 24.04 LTS64-bit Kernel, systemd
Windows ServerWindows Server 2016, 2019, 2022.NET Framework 4.7.2+

Next steps