High Level Design
A High-Level Design (HLD) architecture of OneFirewall (White-label)
Introduction
The OneFirewall WCF Platform brings together threat intelligence from multiple sources (Alliance), including government agencies, security vendors, and other organizations, and provides a centralized repository for this information.
OneFirewall System Components
All services are managed using a containerized solution and deployed on a Kubernetes cluster. The cluster can be a service-managed solution from a cloud provider or an on-premises installation using open-source solutions based on Rancher.
- onefirewall-server:
  - The core server that exposes the APIs of OneFirewall.
  - Manages the UI functionalities of OneFirewall.
  - Implements authentication using a database-based mechanism.
  - Integrates authentication with OIDC providers: Google, GitHub, and Atlassian.
  - Stores threat intelligence data in time series format within an Elasticsearch cluster.
- onefirewall-elasticsearch:
  - Manages threat intelligence data as time series.
  - Supports data storage on persistent block storage or NAS servers.
- onefirewall-db:
  - Manages application data and configurations.
  - Handles Identity and Access Management (IAM) for platform users.
- onefirewall-rabbitmq:
  - Acts as a message queue for data ingestion.
  - Manages synchronization of threat intelligence data with the OneFirewall cloud platform.
- onefirewall-queue-consumer:
  - A server responsible for dequeuing messages from onefirewall-rabbitmq.
  - Interacts with the ingestion APIs in onefirewall-server via onefirewall-proxy.
- onefirewall-proxy:
  - The API gateway for OneFirewall.
- onefirewall-wcf-agent:
  - Implements integrations with various existing router/firewall solutions.
  - Supports both open-source and commercial firewall solutions.
- onefirewall-log-analyzer:
  - Handles integration with various SIEM solutions.
  - Manages ingestion and processing of log data.
- onefirewall-cloud-sync:
  - Synchronizes threat intelligence data.
  - Sends data packets to the message queue (onefirewall-rabbitmq).