High-Level Design (HLD) architecture of OneFirewall (White-label)
The OneFirewall WCF Platform brings together threat intelligence from multiple sources (Alliance), including government agencies, security vendors, and other organizations, and provides a centralized repository for this information.
All services are managed using a containerized solution and deployed on a Kubernetes cluster. The cluster can be a service-managed solution from a cloud provider or an on-premises installation using open-source solutions based on Rancher.
onefirewall-server:
The core server that exposes the APIs of OneFirewall.
Manages the UI functionalities of OneFirewall.
Implements authentication using a database-based mechanism.
Integrates authentication with OIDC providers: Google, GitHub, and Atlassian.
Stores threat intelligence data in time series format within an Elasticsearch cluster.
onefirewall-elasticsearch:
Manages threat intelligence data as time series.
Supports data storage on persistent block storage or NAS servers.
onefirewall-db:
Manages application data and configurations.
Handles Identity and Access Management (IAM) for platform users.
onefirewall-rabbitmq:
Acts as a message queue for data ingestion.
Manages synchronization of threat intelligence data with the OneFirewall cloud platform.
onefirewall-queue-consumer:
A server responsible for dequeuing messages from onefirewall-rabbitmq.
Interacts with the ingestion APIs in onefirewall-server via onefirewall-proxy.
onefirewall-proxy:
onefirewall-wcf-agent:
Implements integrations with various existing router/firewall solutions.
Supports both open-source and commercial firewall solutions.
onefirewall-log-analyzer:
Handles integration with various SIEM solutions.
Manages ingestion and processing of log data.
onefirewall-cloud-sync:
Synchronizes threat intelligence data.
Sends data packets to the message queue (onefirewall-rabbitmq).