Network & Firewall Infrastructure
Enterprise-grade traffic management, stateful packet inspection, and intelligent routing. Secure your workloads at the edge and enforce granular access controls across all regions.
Network Architecture
CloudNexus processes all inbound traffic through a distributed anycast network before reaching your origin infrastructure. Our firewall engine operates at Layers 3-7, providing stateful inspection, DDoS scrubbing, and WAF evaluation in parallel to maintain sub-millisecond latency.
Anycast Routing
Traffic automatically routes to the nearest edge node. Failover occurs in <50ms if a node experiences degradation or saturation.
Stateful Firewall
Track connection states across sessions. Whitelist/blacklist IPs, ranges, or geolocations with rule-based precedence.
L7 Load Balancing
Distribute traffic based on headers, cookies, or path patterns. Supports WebSocket, gRPC, and HTTP/3 natively.
Deep Packet Inspection
Identify protocols and payloads. Automatically block known attack signatures without impacting legitimate throughput.
Technical Specifications
| Metric | Standard | Enterprise | Status |
|---|---|---|---|
| Max Throughput | 10 Gbps per edge | 40 Gbps dedicated | Operational |
| Firewall Rules | Up to 1,000 per policy | Unlimited with priority | Managed |
| DDoS Protection | Up to 1 Tbps | Up to 5 Tbps + dedicated scrubbing | Always On |
| Latency Add-on | ~8ms avg | ~3ms avg (optimized route) | Regional |
| Compliance | SOC 2 Type II | SOC 2, PCI-DSS, HIPAA, FedRAMP | Audited |
API & Infrastructure as Code
Manage firewall rules, routing tables, and security groups programmatically. We support Terraform, Pulumi, and direct REST/GraphQL APIs with webhook event streaming.
```bash
cloudnexus network firewall create \
  --name block-geo-russia \
  --action deny \
  --country RU \
  --protocol all \
  --priority 100
```

```hcl
# Terraform provider example
resource "cloudnexus_firewall_rule" "main" {
  project_id = "proj_8x29a"
  source_ip  = "0.0.0.0/0"
  target     = "lb_prod_01"
  action     = "allow"
}
```
Network Add-on Pricing
Network & Firewall operates as a modular add-on to your base compute/storage plan. Billed monthly with pay-as-you-go overage thresholds.
- ✓ Basic routing & NAT
- ✓ 200 Firewall rules
- ✓ 100 Gbps DDoS protection
- ✓ Standard support
- ✓ Everything in Base
- ✓ Unlimited rules & priority
- ✓ 2 Tbps DDoS scrubbing
- ✓ WAF with OWASP CRS
- ✓ Real-time traffic analytics
- ✓ Dedicated scrubbing center
- ✓ Private IP peering
- ✓ Custom threat intelligence
- ✓ Dedicated account engineer
Frequently Asked Questions
CloudNexus WAF operates in parallel using in-memory rule evaluation. Average latency impact is <0.4ms. For zero-impact requirements, you can enable WAF in 'monitor-only' mode initially.
Yes. Our CLI includes a `rules import` command that parses CSV, JSON, or standard iptables outputs and maps them directly to our firewall engine with appropriate protocol translation.
When attack thresholds are breached, traffic is automatically routed through our dedicated scrubbing centers. Malicious packets are dropped at the edge while legitimate traffic is forwarded via encrypted tunnels to your origin. Failover is transparent to end users.
Base plans support up to 200 active rules per policy. Advanced and Enterprise tiers remove hard limits, but we recommend keeping active rules under 5,000 per region for optimal evaluation performance.
Next Steps
Ready to secure your infrastructure? Explore our integration guides or spin up a test environment with sandbox traffic.