NetFire Cloud NGFW (Next-Generation Firewall) is part of the NetFire Cloud Networking suite and runs on the same high-performance machine families used across NetFire Cloud. This ensures consistent throughput, predictable pricing, and full compatibility with other NetFire apps and services.

Built for dynamic traffic control and secure interconnectivity, NetFire Cloud NGFW supports traditional and modern VPN deployments, network segmentation, and policy-based routing. It runs best on our Frequency-Optimized Compute tier thanks to market-leading packet processing speeds, powered by AMD EPYC™ 4584PX or newer.

NetFire Cloud NGFW serves as a foundational security and gateway for applications and services within the NetFire Cloud. It can be deployed as a standalone node or in a high-availability configuration to provide redundant protection, and scalable performance.

---

Feature	Details
Stateful Firewalling	Connection tracking, default-deny policies, rule-based traffic control
Dynamic Routing	Supports Internet route advertisement and VRF segmentation
NAT & Port Forwarding	SNAT/DNAT and private IP exposure via port mapping
DHCP/DHCPv6/SLAAC	Address assignment services within customer VRFs
IPsec	Site-to-site, and client tunnels with full RFC-compliant crypto
OpenVPN	Client and site tunnel support for users and endpoints
Redundancy	VRRP-based failover and HA support (Additional NGFW instance required)

Beta Subscription Features

Feature	Description
Metrics Dashboard	Performance insights including throughput, bandwidth, NetFlow/sFlow
REST API	Programmatic access to tunnel, rule, and peer management
SSHTUI	Terminal UI for managing the firewall using the same logic as the REST API

Beta features are subject to change prior to general availability. Availability may vary by instance tier or support level.

All advanced features are subject to change prior to general availability. Some may be gated by instance tier or require additional configuration assistance.

---

NetFire Cloud NGFW runs on the same high-frequency infrastructure as NetFire Cloud. Choose your deployment tier based on your packet load and routing requirements.

NetFire Cloud NGFW is recommended using the Frequency-Optimized tier for most deployment sizes, and on the Thread-Optimized tier for up to 100 Gbit networking and the highest threaded performance available.

Machine Family	Silicon	Ideal For
High-Frequency Optimized	AMD EPYC™ 4584PX or better	Performance-sensitive routing, VPN gateways, edge firewalls
Thread-Optimized	AMD EPYC™ 7763 or better	High thread scenarios, multi-threaded packet processing, distributed firewall clusters

---

The Frequency-Optimized virtual machine tier supports up to 50 Gbps of private networking, making it ideal for packet-intensive workloads such as NGFW (Next-Generation Firewall) deployments. The Thread-Optimized tier supports higher core counts and offers flexible bandwidth for general-purpose and CPU-heavy applications, with the 32-core plan as its highest available configuration.

Machine Family	1 Gbps	10 Gbps	25 Gbps	50 Gbps	100 Gbps
Frequency-Optimized	✔	✔	✔	✔	✘
Thread-Optimized	✔	✔	✔	✔	✔

Notes: Depending on the traffic being processed by the NGFW appliance, an instance upgrade may be required to match the speed and throughput demand.

---

Instance	Ideal Use Case	Monthly Price
HF-2	Remote user access, branch firewalls, point-to-point tunnels	$175
HF-4	Small office NAT, basic site-to-site VPN, edge routing	$350
HF-8	Mid-size VPN concentrator, SNAT/DNAT gateway, multiple routes	$750
HF-12	Regional hub, moderate multi-VRF, concurrent encrypted tunnels	$1,200
HF-16	Core NGFW for multi-site networks, high-volume routing + logging	$1,550

Flat-rate pricing is per-instance and applies regardless of role (primary, failover, or tunnel concentrator). No discounts are provided for multiple nodes. All instances run on High-Frequency Compute.

Additional Services

Service	Description	Rate
Firewall Policy Consulting	Design and best-practice validation	$180.00/hr (Network Administrator rate)
HA / Redundancy Deployment	Clustering setup and configuration	2+ Instance(s) Required
NIDS/NIPS/DPI	Intrusion detection and prevention	HF-16 Instance(s) Required

---

• We do not support full Internet routing for OpenVPN clients due to legal liability and DMCA concerns
• DNS resolution via embedded recursors may be optionally enabled (consult with support)
• WireGuard is not currently supported due to IPv4 limitations and configuration overhead

NetFire Cloud NGFW provides fast, scalable, and secure cloud-scale routing for your network, designed for resilience and high value.