Title :
A heuristic migration logic between firewalls in a federated cloud network
Author :
Waziri, Ibrahim ; Shropshire, Jordan
Author_Institution :
Center for Educ. & Res. in Inf. Assurance & Security (CERIAS), Purdue Univ., West Lafayette, IN, USA
Abstract :
The hyper-connected cloud landscape is reliant on a composite security framework of hardware and cloud firewalls. Often, these security devices are managed by separate groups and operate as functional silos rather than integrated security mechanisms. As a result, cloud traffic is subjected to inefficient and redundant packet filtering. Hardware firewalls are optimized for greater throughput while virtualized firewalls can scale to match DoS attempts. To maximize the utility of each form factor, we developed an inline firewall architecture with a variable filtering point. The primary filtering point changes between hardware and cloud firewalls based on real-time conditions. The architecture incorporates heuristic-based migration logic. To define the heuristics, a performance evaluation was conducted following two test scenarios: spike tests and endurance test. Packet throughput was also assessed using JMeter. The results indicate that a threshold approach to filter-point migration maximizes network throughput while offering the insurance of on-demand scalability.
Keywords :
cloud computing; computer network performance evaluation; firewalls; virtualisation; DoS attempts; JMeter; cloud firewalls; cloud traffic; composite security framework; endurance test; federated cloud network; filter-point migration; functional silos; hardware firewalls; heuristic migration logic; heuristic-based migration logic; hyper-connected cloud landscape; inline firewall architecture; network throughout; on-demand scalability; packet throughput; performance evaluation; redundant packet filtering; spike tests; threshold approach; variable filtering point; virtualized firewalls; Computers; Filtering; Firewalls (computing); Hardware; Performance evaluation; Throughput; cloud computing; firewalls; network security; packet filtering; virtualization;
Conference_Title :
SoutheastCon 2015
Conference_Location :
Fort Lauderdale, FL
DOI :
10.1109/SECON.2015.7132868