• About us
  • Newsroom
  • Careers
  • Become a partner
  • Search
Compute
High-performance, scalable computing resources for your critical workloads. Orchestrate your cloud-native applications with our modern container solutions.
Discover the Calcul offer
Dedicated servers
VM Instances
An on-demand, flexible and secure virtual machine solution on a shared infrastructure.
OpenSource IaaS
Open source virtualised infrastructure in a trusted SecNumCloud-qualified cloud environment for complete technological sovereignty.
VMWare IaaS
Your VMware virtual machines in a trusted SecNumCloud-qualified and HDS-certified cloud environment.
Containers
Openshift PaaS
The unified platform for creating, modernising and deploying your large-scale applications in a sovereign cloud.
Managed Kubernetes
Managed container orchestration solution offering security, resilience and advanced automation on sovereign infrastructure.
Bare Metal
Bare Metal
Dedicated, fully customisable servers for total autonomy over your sovereign infrastructure.
Storage
Adaptable, high-performance storage solutions for all your needs. Optimise your data with our highly available block and object solutions.
Discover our Storage offer
Storage
Block storage
The adaptable block storage solution for optimum storage performance in a sovereign cloud.
Object storage
The scalable, cost-effective storage solution for your unstructured data in a sovereign cloud.
Backup
Backup solutions
Differentiated backup solutions tailored to your challenges and environments
Network
Advanced network solutions to connect and secure your infrastructures. Deploy your private networks automatically and securely.
Discover the Network offer
Network
Virtual Private Cloud
Deploy and manage your private networks 100% automatically and securely.
Private Backbone
Take full control of your network with extended Layer 2 connectivity, designed for hybrid architectures and bespoke configurations.
Firewall
Managed Firewall
Advanced security solutions for complete insulation and enhanced protection
Accommodation Dry
Housing - Dedicated space
Secure hosting for your equipment in a dedicated or shared environment, depending on your needs.
Security
Advanced security solutions to protect your critical infrastructures. Control access and defend against online threats.
Discover the Security offer
Security
Anti DDoS
The shield against online attacks
Bastion host
Transparent, centralised access control for robust protection of your infrastructure
Managed KMS
Sovereign cryptographic key management, with HSM hardware root of trust, to protect your most sensitive data on SecNumCloud infrastructure.
Managed SIEM
A centralised platform for collecting and correlating security logs, combining AI-based automation and advanced detection rules (MITRE ATT&CK).
IA
Artificial intelligence solutions to transform your data into insights and accelerate your business processes.
Discover the IA offer
IA
LLMaaS
Access cutting-edge language models on a sovereign, SecNumCloud-qualified and HDS-certified infrastructure for high-performance, secure AI applications.
GPU
NVIDIA GPU instances to accelerate your artificial intelligence and high-performance computing in a sovereign cloud.
Data
Data solutions to manage, analyse and exploit your critical data.
Discover the Data offer
Databases
Managed MariaDB
A fully managed MariaDB relational database and PITR backup on SecNumCloud sovereign infrastructure.
Managed PostGreSQL
The fully managed relational database solution on SecNumCloud sovereign infrastructure
Big Data
Managed Kafka
The open-source distributed platform for streaming data in real time
Managed File System
A managed, sovereign, high-availability distributed file system, accessible via NFS and SMB on the SecNumCloud infrastructure.
Management & Governance
Coaching and support services to help you with your cloud transformation.
Find out about our support services
Support
Support levels
Discover the 3 levels of support available to help you meet your challenges.
Professional services
From design to optimisation, Cloud Temple is with you every step of the way.
Governance
Console - API - Terraform Provider
A single interface for viewing and managing your products and services
Observability
Infrastructure metrics available in market standards
About us
The company
Who are we?
Management team
Locations
CSR commitments
Sectors
Public sector
Health
Financial sector
Industry
Our approach
Our compliance procedures
Our SecNumCloud approach
Trusted AI
Interoperability & hybridity
Transparency in the processing of health data
Newsroom
The magazine
Events & Webinars
Press releases
In the media
Documentary database
Careers
Working at Cloud Temple
Join us
Become a partner
Software publishers
Managed Services Providers
FR AT FROM IT
Contact
Products > Managed Firewall
Network

Managed Firewall

A managed, high-availability, sovereign NGFW firewall - with a choice of Stormshield (ANSSI qualified) or Fortinet - to filter, protect and connect your cloud infrastructures with complete confidence.

The fundamentals of the Managed Firewall offering

The service Managed Firewall is a fully managed next-generation firewall (NGFW) cluster deployed on the sovereign SecNumCloud infrastructure. It is the reference network security perimeter for all architectures hosted at Cloud Temple.

The service is available in two editions depending on your level of sovereignty requirements and your existing ecosystem:

  • Stormshield Edition ANSSI-qualified French solution (Enhanced Qualification - Common Criteria EAL4+), recommended for Operators of Vital Importance (OIV), Operators of Essential Services (OSE), organisations subject to the LPM/NIS2 and environments requiring total technological sovereignty.
  • Fortinet Edition NGFW: World leader in the NGFW market, recommended for private companies wishing to benefit from an extended SASE ecosystem (FortiGuard, Security Fabric, SD-WAN, ZTNA) and maximum integration with their existing infrastructures.

In both cases, the service includes the HA cluster (Active/Passive), full operational management (MCO, 24/7 supervision, signature updates) and advanced VPN capabilities.

Our compliance procedures

Our Managed Firewall offering is HDS and ISO 27 001 certified

The benefits of Cloud Temple's Managed Firewall offering

Security without constraints

Zero Ops, focus on protection
Outsource the complete management of the firewall (deployment, high availability, updates, supervision) so that your teams can concentrate on defining security policies.

Advanced protection

Unified multi-layer security
Combine network filtering, application inspection, IPS/IDS, web filtering and anti-malware in a single service, continuously enhanced by threat intelligence feeds.

Continuity and scalability

High availability and scalability
Ensure continuity of service thanks to a cluster architecture with automatic failover, while easily adapting capacity without overhauling the infrastructure.

Guaranteed sovereignty

Trusted infrastructure and technology
SecNumCloud hosting in France, with the option of technological sovereignty via ANSSI-qualified solutions.

The features of our Managed Firewall

Stateful Firewall (L3/L4)
Filtering by connection state: source/destination IP, TCP/UDP ports, protocols. Stateful session tables for all flows.

NGFW - Application Control (L7)
Identification and control of over 3,000 applications (HTTP, HTTPS, cloud apps, P2P, business protocols) regardless of the port used. Authorisation/block/restrict policies by application.

IPS/IDS (Intrusion Prevention)
Real-time detection and blocking of attempts to exploit vulnerabilities: attack signatures, protocol anomalies, virtual patching. Automatic signature updates.

Web Filtering (URL Filtering)
Categorisation and filtering of URLs using a database updated in real time. Blocking of malicious sites, phishing, malware. DNS filtering. SafeSearch enforcement.

SSL/TLS Deep Inspection
Decryption and inspection of encrypted HTTPS/TLS traffic. Transparent re-encryption to the client. Exception management (banking, health, internal certificates).

Anti-malware (Antivirus)
Analysis of files in transit over HTTP, FTP, SMTP, IMAP and POP3 protocols. Detection of malware, ransomware and malicious documents.

VPN IPsec Site-to-Site
AES-256-GCM encrypted IKEv2 IPsec tunnels with Perfect Forward Secrecy (PFS). Authentication using PKI certificates or pre-shared keys. VPN route-based (VTI). Dead Peer Detection (DPD).

SSL-VPN Remote Access
Secure remote access for mobile users. Full tunnel or split tunnel. MFA authentication (TOTP + LDAP/Active Directory). Web portal or native client.

High Availability (HA)
Active/Passive cluster with synchronisation of sessions and configurations. Automatic failover in the event of a failure (< 1 second break).

NAT/PAT
Network Address Translation (NAT source, NAT destination, PAT) for controlled exposure of services and management of Internet flows.

Logs & Reporting
Full logging of authorised/blocked flows, IPS events, VPN connections and user sessions. Export to SIEM.

Centralised management
Administration via Cloud Temple managed console. Editor interface available (Stormshield Management Center / FortiManager).

Different functions depending on the option chosen

Exclusive features Fortinet Edition

This solution combines native SD-WAN to optimise network performance and reduce costs, with enhanced security thanks to ZTNA, which controls access based on the identity and status of endpoints. It also enables environments to be segmented using VDOMs, while relying on FortiGuard threat intelligence and the Fortinet ecosystem to detect, analyse and manage threats. Finally, anti-spam filtering effectively protects email flows.

Exclusive Stormshield Edition features

Stormshield Network Security offers ANSSI Renforcée-certified advanced protection for OIV, OSE, Defence and LPM environments. Its ASQ engine analyses network protocols beyond signatures to detect zero-day attacks. It integrates natively with Stormshield Data Security to encrypt files and emails, and can be managed via the centralised SMC console. Finally, it benefits from regular threat intelligence with IPS updates, malicious URLs and indicators of compromise.

Technical specifications

Managed Firewall
High availability Active/Passive cluster (automatic switchover)
Sovereign qualification ANSSI - Enhanced Qualification CC EAL4+ (Stormshield Edition)
Firewalling NGFW Inspection L3 to L7 (Application-Aware)
VPN IPsec IKEv2, AES-256-GCM, PFS, multi-tunneling
Signature updates Real-time threat intelligence
Zero ops Complete management by Cloud Temple

Do you have a perimeter security or multi-site interconnection project? Let's talk.

Whether you need to meet the stringent requirements of the ANSSI (LPM, NIS2) with a sovereign Stormshield solution, or deploy an advanced SD-WAN and ZTNA architecture with Fortinet, our cybersecurity experts can help. We can help you size your high-availability firewall cluster and define your filtering and remote access (VPN) policies.

Tell us the broad outlines of your project using this form: we'll get back to you quickly to design the security perimeter that's right for your infrastructure.

Merci de confirmer que vous n’êtes pas un robot
I consent to Cloud Temple storing and processing the personal information submitted above in order to respond accurately to my request. * mandatory fields

Pricing

Managed Firewall work units - (excluding infrastructure) Unit Unit price € excl. tax/month Commitment
FIREWALL UTM - Fortigate Virtual VM02V - without vdom 1 virtual cluster 743,27 € 12 months
FIREWALL UTM - Fortigate Virtual VM04V - without vdom 1 virtual cluster 1 302,35 € 12 months
FIREWALL UTM - Fortigate Virtual VM08V - without vdom 1 virtual cluster 2 427,72 € 12 months
FIREWALL UTM - Virtual STORMSHIELD EVA1 - 1Vcpu - 2GB RAM - 50 SSLVPN Users Max - 100 Tunnels 1 virtual cluster 381,92 € 1 month
FIREWALL UTM - Virtual STORMSHIELD EVA2 - 2Vcpu - 3GB RAM - 512 SSLVPN Max Users - 150 Tunnels 1 virtual cluster 441,63 € 1 month
FIREWALL UTM - Virtual STORMSHIELD EVA3 - 4Vcpu - 6GB RAM - 512 SSLVPN Max Users - 200 Tunnels 1 virtual cluster 561,08 € 2 months

Use cases

Cloud Temple's Managed Firewall product for perimeter protection
Cloud-native perimeter protection

Context : An organisation wants to secure all its incoming and outgoing data flows in the cloud without having to manage physical appliances.

Solution: Deployment of a Managed Firewall to filter north-south flows with L7 inspection, IPS and Web Filtering, fully integrated with the Cloud Temple cloud.

Profit : Complete, automated perimeter security, without the complexity of physical infrastructure.

Cloud Temple's Managed Firewall product for secure interconnection

Secure multi-site interconnection (IPsec VPN)

Background The company needs to connect its data centres, branches and partners securely in order to exchange sensitive data.

Solution: Creation of encrypted IPsec tunnels (IKEv2/AES-256) between the Cloud Temple cloud and remote sites via the Managed Firewall.

Profit : Secure, reliable connectivity between all sites, with robust encryption and communication integrity.

Cloud Temple's Managed Firewall product for secure remote access

Secure remote access for teleworkers (SSL-VPN)

Context : Employees need to access internal resources from any terminal, without compromising security.

Solution: Implementation of an SSL-VPN with MFA via the Managed Firewall, with logs and full traceability of connections.

Profit : Secure, controlled remote access, guaranteeing compliance and protection of critical data.

Frequently asked questions

 A question of compliance and ecosystem. 

The Stormshield Edition (French publisher) has been awarded an ANSSI Enhanced Qualification (CC EAL4+). It is essential for OIVs, OSEs, the defence sector or any organisation subject to the LPM/NIS2 requiring total technological sovereignty. The Fortinet Edition is aimed at private companies looking for advanced connectivity features (native SD-WAN, ZTNA access, multi-tenant via VDOMs) and advanced integration with a global SASE ecosystem.

No, management is 100% outsourced to guarantee security. 

As part of our “Zero Ops” approach, administration of the cluster (and direct CLI access) is reserved for our teams. Any change to your security policy (filtering rules, VPN settings) is subject to a documented and traceable Change Management process operated by Cloud Temple. Depending on your service plan, you may be provided with read-only access to the editor's interface (SMC or FortiManager) to view your logs and configurations.

Switchover is automatic and almost immediate. 

By default, the service includes a High Availability architecture (Active/Passive cluster). In the event of failure of the active node, sessions, configurations and routing tables are already synchronised on the passive node. Failover takes place in less than a second (SLA target), guaranteeing transparent continuity of service for your applications and VPN tunnels.

Yes, thanks to SSL/TLS Deep Inspection. 

The Managed Firewall includes a function for decrypting and inspecting traffic encrypted in TLS 1.3, to apply antivirus and intrusion prevention (IPS), before re-encrypting it at its destination. It is of course possible to set decryption exceptions to respect the confidentiality of certain flows (banking, health, etc.).

Complete reversibility, free of charge. 

If you decide to leave the service, we will provide you with the complete export of your configuration file in the editor's format, as well as the parameters of your VPN tunnels, free of charge and within 15 days. Flow logs can also be exported within 30 days. After this period, your data and configurations are purged securely within 7 days.

Can't find the answer to your question?
Contact our teams
Contact us
To find out more
Technical documentation Contact us
Cookie policy

We use cookies to give you the best possible experience on our site, but we do not collect any personal data.

Audience measurement services, which are necessary for the operation and improvement of our site, do not allow you to be identified personally. However, you have the option of objecting to their use.

For more information, see our privacy policy.

Authorise Refuse