Frequently Asked Questions.

Neurowall is a high-performance gateway firewall platform that protects internet-facing infrastructure from cyber threats and DDoS attacks. It runs on standard Linux servers and supports deployment across cloud, on-premises, and hybrid environments.

Neurowall protects internet-facing infrastructure including websites, APIs, cloud workloads, Kubernetes clusters, data centers, branch offices, and hosting platforms.

Traditional firewalls require proprietary hardware appliances with complex licensing and hardware refresh cycles. Neurowall runs on standard Linux infrastructure — cloud instances, bare metal servers, or virtual machines — with API-first management and flexible deployment across any environment.

Not necessarily. Neurowall can complement existing security infrastructure by providing additional gateway filtering, DDoS protection, or threat intelligence enforcement. It can also serve as a standalone gateway firewall for new deployments.

CloudArmour is the company. Neurowall is the flagship product — a gateway firewall and DDoS protection platform. CloudArmour also builds Beagle (Kubernetes runtime security) and Elf-Owl (Kubernetes compliance monitoring).

eBPF (extended Berkeley Packet Filter) is a Linux kernel technology that allows verified programs to run safely inside the kernel without modifying kernel source code. Neurowall uses eBPF for high-performance packet filtering at the kernel level. Read more about eBPF →

XDP (eXpress Data Path) is a high-performance networking framework built on eBPF. It processes packets at the network driver level — before the kernel's full network stack — enabling Neurowall to drop attack traffic before it consumes system resources. Read more about XDP →

Neurowall requires Linux kernel 6.8 or later. Distributions that ship with a qualifying kernel: Ubuntu 24.04+, Debian 13+, and Fedora 40+. Earlier releases — Ubuntu 22.04 (5.15), Debian 12 (6.1), RHEL 9 (5.14), Rocky Linux 9 (5.14) — do not meet this requirement unless the kernel is manually upgraded.

No. Neurowall runs on standard x86_64 Linux servers, cloud instances, and virtual machines. For best performance at high throughput, NICs with native XDP driver support are recommended but not required.

Firewall rules are stored in eBPF maps — kernel-space hash tables with O(1) lookup time. Rule count has minimal impact on throughput. Neurowall maintained full ISP line rate with over 250,000 IP rules loaded in testing.

Anywhere Linux runs: cloud instances (AWS, Azure, GCP), bare metal servers, virtual machines (VMware, KVM, Hyper-V), Kubernetes ingress nodes, and edge locations.

A basic deployment with your first firewall rule can be completed in under 15 minutes. Production deployments with HA, threat intelligence, and monitoring integration typically take 1–2 hours.

Yes. Neurowall runs on any cloud provider's Linux instances. The same firewall policies work across AWS, Azure, GCP, and private cloud environments — managed from a single REST API.

Yes. Neurowall supports active-passive HA with automatic failover using etcd-based leader election. The standby node continuously syncs state and assumes the active role when the primary fails — typically within 3 seconds.

Yes. Neurowall deploys as a DaemonSet on Kubernetes ingress nodes to filter traffic at the XDP layer before it reaches application pods. It scales automatically as the cluster grows.

Neurowall supports PostgreSQL for production multi-node deployments and SQLite for single-node or edge deployments. The same application code works with either backend.

Through the web interface, REST API, or CLI. All three methods manage the same rules and support the same operations. Changes synchronize automatically to the eBPF/XDP and nftables data planes.

Yes. The REST API enables integration with Ansible, Terraform, CI/CD pipelines, and custom automation workflows. All firewall operations are available through the API — rule creation, threat intelligence, HA management, and monitoring.

Neurowall exports 70+ Prometheus metrics covering packet counters, rule sync status, eBPF map utilization, API request rates, and system health. Health endpoints support Kubernetes liveness and readiness probes. Use Grafana for dashboards and alerting.

Three roles: Admin (full access), Operator (manage rules and configuration), and Viewer (read-only access). All administrative actions are recorded in an immutable audit log.

Neurowall automatically fetches, normalizes, and deduplicates threat indicators from multiple sources — AbuseIPDB, OTX, MISP, and custom feeds. Indicators are cached in Redis and enforced in kernel-space eBPF maps. The system continues operating normally if feeds are temporarily unavailable.

Yes. The Community edition is free with no time limit and includes core firewall features. It is suitable for evaluation, development, and smaller deployments.

Per node, not per traffic volume. Your costs are predictable regardless of traffic patterns or attack volumes — there are no surprises during a DDoS event.

Nothing. Neurowall pricing is per node. Unlike cloud-based scrubbing services, there are no per-attack or bandwidth-based charges when you are under attack.

Yes. Volume pricing is available for MSPs and hosting providers managing multiple customer deployments. Contact our partnerships team for details.

Community edition includes community support via GitHub. Professional edition includes priority email support. Enterprise edition includes dedicated support with SLA guarantees and a named support contact.

Contact security@cloudarmour.io for responsible disclosure of security vulnerabilities in CloudArmour products. We aim to acknowledge all reports within 48 hours.

Full documentation is available on our documentation site. See the Resources page for links to guides, API references, and deployment walkthroughs.

Book a demo and our technical team can walk through your specific deployment requirements. Enterprise customers also have access to professional services for complex deployments.