Indigo Software-Defined Firewall

Carrier-grade protection plus granular visibility and control

Carrier-grade protection plus granular visibility and control

The Indigo Software-Defined Firewall (SDF) delivers protection of network infrastructure and services on a scale required by large communications service providers (CSPs). It is a multi-vendor solution designed specifically for Security Teams that need a customized, personalized firewall / DPI solution to address today’s complex security and compliance concerns. Telecom and mobile network operators, ISPs and other CSP customers can deploy the Indigo SDF as a next-generation firewall, a WAF (web application firewall), and as a DDoS protection system.

The Indigo SDF protects your network against intrusions, malware, and advanced persistent threats. It also enforces network access controls and regulates IP-based communications network traffic with integrated awareness of applications. This includes capabilities to granularly monitor and govern every application used by your subscribers and every URL they access.

The Indigo SDF also protects your bottom line by helping to grow revenue and retain subscribers. By significantly reducing unacceptably high rates of false positives, it enables maximum use of services—and thereby bandwidth—while controlling harmful or regulated content and apps. The Indigo solution also protects against network downtime and hosted website outages related to DDoS attacks. Consequently, Indigo customers have instantly seen significant improvements in revenue—20% or greater—and subscriber satisfaction after deploying the SDF.

The Indigo Software-Defined Firewall can granularly control what applications are permitted, prioritized or de-prioritized for access.

The firewall integrates the industry’s highest performing DPI engine for unequalled real-time visibility into network traffic. An expressive policy scripting engine based on the Lua programming language, a flexible and dynamic technology that helps SOC teams rapidly adapt policies to mitigate threats or compliance risks. The SDF also integrates the Elastic Stack, which reduces the time to detect breach attempts and other attacks by enabling greater visibility and searchability of metadata and logs (including the Kibana dashboards).


Designed for the unique needs of CSPs

These capabilities and others make the Indigo SDF ideal for meeting a number of challenges faced by security teams at fixed telecom and mobile operators, ISPs, and cloud service and hosting providers.


Regulatory Compliance Quickly and cost-effectively comply with government regulations such as monitoring and controlling apps and access to harmful websites or blocking IP telephony (VoIP).
  • Data Retention
  • Governing access to websites / URLs
  • Governing applications traffic — including encrypted messaging
  • Blocking protocols / proxies / VPNs
Network Security Protect network infrastructure and digital assets while gaining visibility into how and when bad actors are probing your attack surface. Also protect network services and subscribers' websites by preventing DDoS-related outages.
  • Network security monitoring
  • Intrusion detection system
  • Intrusion prevention system
  • Data leakage protection
  • Web application protection
  • DDoS protection
  • Historic and real-time threat reporting
Revenue Growth and Reduced churn Drastic reduction in rates of false positives along with other benefits of the Indigo SDF mean customers can increase revenue and retain subscribers.
  • Dramatically reduces false positives
  • Detects and controls domain fronting without blocking Internet access
  • Enables granular monitoring and control of apps and access to Internet services
  • Reduces downtime
  • Allows network operators to create differentiation
Network Management Raise your network's quality and streamline your business practices with sophisticated traffic management for telecom, Wi-Fi and broadband networks.
  • Captive portals
  • NetFlow probe
  • Traffic analysis
  • Shaping and optimization
  • Charging and billing


Designed specifically for the needs of CSPs, the Indigo SDF is currently in-line at large-scale deployments monitoring and controlling traffic at national telecom companies or powering the entire Internet infrastructure of a country.

To meet the rigorous requirements of these customers—and the high expectations of their customers—the Indigo solution must provide carrier-grade performance and reliability. This includes:

  • <0.1 ms
  • 10G
  • 14.8M
High Availability
  • Bypass mode – prevents network outages in case of power or hardware failure
  • Hot standby – Automatic failover time of one second
Low Latency
  • Zero-copy packet processing and forwarding architecture – bypasses host kernel to achieve minimal latency and maximum throughput
  • One-pass architecture
  • < 0.1 ms
Wire-speed Throughput
  • 10G wire-speed
  • 14.8M packets per second