Cyberfort Ltd

Managed Firewall

Cyberfort’s Managed Firewall Service draws on our experience and depth of knowledge in perimeter security and is a fully-managed service that ensures best practices are employed in the initial setup and ongoing management of your firewall rules and policies.


  • Advanced protection options: Intrusion Detection/Prevention, IPSec and TLS VPN
  • Bespoke design for every business use case
  • Security-focused advisory service, review of each request for network safety
  • Experienced security team with many years experience defending against cyber-threat
  • Multi-vendor offering to suit customer needs
  • UK-based, ex-MoD, ISO27001, PCI-DSS and CE+ certified datacentres


  • Logically segment networks into different zones of trust
  • Improve security with best-practice configuration delivered by security specialists
  • Mitigate safety concerns and fend off network threats
  • Built by security specialists to the highest standards of compliance
  • Minimal attack surface and least-privilege design
  • Fully-managed firewall service offerings tailored to your business need
  • Enhance business confidence in secure, consistent delivery of IT services
  • Maximize your uptime with our high-availability (HA) service offering
  • Assured UK data residency and sovereignty
  • 24/7/365 monitoring by our ever-vigilant, UK-based Operations Team


£100 an instance a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

6 7 4 0 7 3 6 4 9 1 9 2 7 1 3


Cyberfort Ltd Cyberfort Bid Team
Telephone: 01635 015600

Service scope

Service constraints
The Managed Firewall Service is fully managed by Cyberfort so all configuration changes and firewall rules should be submitted to the service desk and actioned by the security team. On setup we will agree a regular maintenance window which will be required to upgrade and patch the firewall device. For HA customers impact can be limited to a risk window where the HA mechanism will keep traffic flowing whilst maintenance is being carried out.
System requirements
  • Open source offering requires no license
  • Commercial offering may require additional license

User support

Email or online ticketing support
Email or online ticketing
Support response times
Cyberfort’s Service Desk operates 24 hours a day 365 days a year and is primary point of contact for any incidents, requests or escalations.
Each inbound query made by the client is captured by Cyberfort’s ticketing system and assigned a unique reference number with an appropriate priority rating.
A ticket number will be issued with an initial response within the first 15 minutes of logging a query and resolution times will be subject to the priority rating assigned.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
In regard to assistive users, our Online Chat service provider (Microsoft) undertakes and publishes regularly and routine testing for assistive requirements:
Onsite support
Yes, at extra cost
Support levels
Effective service management is the key to the smooth delivery of our G-Cloud services during our engagement with clients, and as a result, they will receive secure, flexible and reliable services from Cyberfort utilising robust support and service management processes and best practice. From the Service Desk to your dedicated Account Manager, all are in place to manage the relationship across your business and ensure that you receive the right engagement to help drive and deliver a great service.
• Cyberfort’s Service Desk operates 24 hours a day 365 days a year and is primary point of contact for any incidents, requests or escalations.
• The Cyberfort Service Desk team will proactively manage all support calls to resolution, escalating incidents and problems in line with comprehensive operational level agreements, service level agreements and any third-party underpinning contracts.
• We place significant importance on the support and service management function that is provided for each contract according to operational requirements.
• This is integrated into contracts and built into the price.
• Ongoing support and management will be led by a dedicated Account Manager supported by Service Delivery Manager, Technical Champion, and our team of specialists and subject matter experts.
Support available to third parties

Onboarding and offboarding

Getting started
Cyberfort applies the core principle of providing you with an assured and auditable approach to the design and delivery of our Cloud Hosting services. We take a “one team” approach, working with clients, engaging with stakeholders, and focusing on business objectives, to build relationships that are conducive to agile delivery of project outcomes.
Service initiation and on-boarding are covered during project delivery to ensure clients maximise the value of their investment, and include the following elements:
• Clients will receive a ‘Welcome Pack’ containing details of the service, key contacts, processes and services that they should be aware of.
• Project Manager (PM) will lead a Project-Kick Off meeting with the client.
• A ‘Delivery and Implementation Plan’, defining project specific deliverables, dependencies, resource requirements and timeframes.
• Scheduled reporting, validation and agreement of all project deliverables at key milestones.
• Full risk assessment conducted across all aspects of the project.
• Operational Acceptance to record SLA’s that the Project, Technical Delivery, Facilities and Service Support Teams will follow to ensure services are introduced consistently and efficiently.
Additional, focused training is available at an extra cost.
Service documentation
Documentation formats
End-of-contract data extraction
There is no user data, only firewall configuration which are securely deleted upon end-of-contract. The firewall logs are deleted from the device with a military grade disk wipe. The disk is then physically destroyed.
End-of-contract process
Clients can choose to ‘off-board’ services from Cyberfort as follows:
• Provide three months' notice in writing (to expire on or after the Initial Term), to their account manager (directly or via the Service Desk), who will assist in arranging any required off-boarding services and the deletion of client data.
• Once the required works are agreed and the client has exported their data, Cyberfort will shut down and destroy any remaining services.
• Fees may apply for off-boarding technical work and process management.

Using the service

Web browser interface
Command line interface


Scaling available
Independence of resources
Physical firewalls are dedicated for the sole use of the customer. Virtual firewalls can have dedicated resource reservations that cannot be breached by other users. The guarantee of virtual resource reservation is provided by the underlying hypervisor.
Usage notifications
Usage reporting


Infrastructure or application metrics
Metrics types
  • CPU
  • HTTP request and response status
  • Network
  • Number of active instances
Reporting types
Real-time dashboards


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Other
Other data at rest protection approach
Encryption of physical media where physical location cannot be controlled or subject to client requirements.
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
What’s backed up
  • Firewall configuration files
  • Firmware
Backup controls
There is no user control of backups. A backup is made by Cyberfort upon every configuration change.
Datacentre setup
Multiple datacentres
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
SSH with public key encryption
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
SSH with public key encryption

Availability and resilience

Guaranteed availability
Service availability achieved within any month shall be calculated monthly as follows: (Total online hours of availability – service downtime) x 100% Total online hours of availability.

The service availability calculation above will exclude any time which occurred as a result of events outside the control of Cyberfort. In the event the target service availability level is not achieved when measured over a monthly period, the following service credits shall apply: For each full percentage point (1%) by which the availability in any month is reduced below the target availability, a service credit shall be due which is equal to 5% of the monthly charge for the affected service line subject to a maximum of 100% of the affected service line for the month.
Approach to resilience
Cyberfort has two data centres in geographically separate locations. This enables Cyberfort to offer solutions such as infrastructure mirroring or a warm standby environment, both available should your primary environment become unavailable for any reason. Cyberfort data centres are linked to one another and to the Internet via fully redundant diverse circuits.
Customer Environments are deployed according to the specific requirements of the customer.

Datacentre infrastructure is designed in a N+1 or N+N depending on requirements or infrastructure type.

Network ISP services are deployed in a N+N configuration.

Power & A/C
2×11,000 Volt HV Feeds. Primary feed direct from national grid sub-station
Backup Generators
Various UPS systems capable of supplying dual UPS feeds
N+1 chilled water system, with zoned hotspot directional air provision sensors

Carrier Neutral Facility
Multiple Internet Service Providers
Diverse Independent Risers from highway to data floors
Choice of ISP’s/Telecommunications providers
Satellite dish and Microwave space available
Outage reporting
Cyberfort Managed Firewall services are continuously monitored, with alerts automatically responded to by the Cyberfort technical support teams.
Customer notifications are managed via our ticketing system / Email

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Access restrictions are typically defined by the client. Cyberfort recommend access via VPN only or SSH with Public Key Authentication for firewall systems. IP Access Control Lists can be implemented to restrict the source of traffic to authorized VPN and SSH endpoints if required.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
Devices users manage the service through
Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
Valid from:19/05/20 - Expires: 18/05/2023
What the ISO/IEC 27001 doesn’t cover
A14.2.7 Outsourced Development 15.1.3 Information, Communication and technology supply chain
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Who accredited the PCI DSS certification
247 CyberLabs Ltd
PCI DSS accreditation date
Valid from: 05/09/2021 Expires:05/09/2022
What the PCI DSS doesn’t cover
Requirement 3 Requirement 4 Appendix A1 Appendix A2
Cyber essentials
Cyber essentials plus
Other security certifications
Any other security certifications
Data Security and Protection Toolkit

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
As an ISO 27001 accredited company, Cyberfort recognize the importance of Information Technology (IT) and its impacts on Information Security and have designed our ‘IT Information Security Policy’ to ensure correct and secure operations are maintained across or organization. The policy applies to all our operations and all that we do, including 3rd parties, recruitment, IT security, and physical security amongst other subjects.

To ensure that the importance of each information security area is not missed or vague, we use separate policies and procedures for each information security area and where applicable, including; business continuity, breach management, physical and environment security, HR resource security, incident management, asset management, access control, supplier relationships, and information management policies.

Cyberfort’s Group Data Protection & Compliance Officer is responsible for managing and directing our Information Security efforts within this organization and that our policies are approved at board level.

The IT Information Security Policy is reviewed annually as a matter of course, considering our organizational or technical infrastructure, legislation, and incident reviews. An Information governance and compliance team is in place with clear roles of responsibilities to manage and maintain the compliancy frameworks within the business

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Cyberfort's change management policy is documented and audited as part of our ISO27001 accreditation and ensures all changes are auditable and subject to the correct level of scrutiny based on the potential risk and impact.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Cyberfort use continual vulnerability monitoring to alert us to threats in real-time and in the face of constant changes to our services. An annual infrastructure assessment is commissioned to perform more detailed analysis. Critical vulnerabilities are patched or mitigated within 30 days.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Cyberfort deploy next generation endpoint security agents which constantly assess the behavior of the servers and endpoints for malicious or threatening activity. Threats are notified to out 24x7x365 Service Desk for remediation.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Cyberfort operate ISO27001 and ITIL process for Incident Management, with defined paths for escalation which are dependent on Impact and Urgency. Users can report Incidents by Email, Telephone or Self Service Portal. Incident Reports are provided via Email.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Who implements virtualisation
Virtualisation technologies used
Other virtualisation technology used
KVM Hypervisor,
Red Hat Virtualisation
How shared infrastructure is kept separate
Physical firewalls are dedicated for the sole use of a single client. Where multi-tenant infrastructure is used (Virtual Firewalls), each organization has a dedicated set of VLANs which run through the infrastructure. The underlying Hypervisor is trusted to protect against cross vm interference and are patched to mitigate against exploits.

Energy efficiency

Energy-efficient datacentres

Social Value

Fighting climate change

Fighting climate change

Cyberfort are committed to fighting climate change and promoting sustainable development by reducing, as far as practical, our environmental impacts from business activities and as a result, an Environmental Management System (EMS) has been implemented which meets the requirements of BS EN ISO 14001:2015.
For example, against MAC 4.1 we are committed to achieving Net Zero by 2050. We have policy commitments to become a net-zero and environmentally conscious company by conserving energy, minimising consumption, reducing, and preferring low pollution materials, maximising environmental efficiency, whilst ensuring waste is managed and controlled.
Key Areas of focus
• Cyberfort to consider who we purchase goods and services from ensuring providers are targeting net-zero initiatives and consider environmental impacts.
• Assess external provider environmental policies and sustainable product and services.
• Ensure ethical, equality, human rights and employee standards are met. Preferring external providers who are firmly committed to enhancing their environmental performance.
Covid-19 recovery

Covid-19 recovery

Cyberfort commits to supporting the Covid-19 recovery, for example against MAC 1.5 we are undertaking regular Risk Assessments, implementing the following improvements in line with Risk Assessment findings and validated with our external Health & Safety partner:
• Closure of 3 offices where social distancing was not possible or appropriate, moving staff to either remote or hybrid working contracts.
• Reassessed our COVID risk assessment to ensure that appropriate controls remain.
• Allowing teams to return to remaining offices as required by managers for planning, collaboration or team-building meetings.
• Deconflicting teams on-site, continuing the ability to maintain controls where necessary.
• Provision of Lateral Flow Test kits for all remaining offices.
• Maintaining all sanitization stations and controls.
• Maintaining effective social distancing where appropriate.
Tackling economic inequality

Tackling economic inequality

Cyberfort is committed to tackling economic inequality, through supporting new businesses, new employment opportunities and development of new skills. We are currently signatories of the Tech Talent Charter and the Armed Forces Covenant and are a Disability Confident Employer. Most recently we have become founding members of Neurodiversity in Business and we have partnered with to Lexxic help us on our journey to becoming a Neurodiversity Smart employer.

Specific commitments for example are:
Against MAC 2.2 - Cyberfort will be offering Apprenticeship placements in 2022.

Against MAC 2.3 – We have long been advocates of education and sharing our knowledge and regularly interact with local schools, colleges and universities and has been involved in supporting the East Kent Colleges in the development of the Cybersecurity GNVQ qualification. We have various work experience schemes in place for school children and contribute to virtual careers fairs in the Kent Area.

Against MAC 3.5 - With cyber security at the heart of Cyberfort, we have adopted the required technical standards and best practice as a basis for appropriate cyber security controls, including both our compliance and cybersecurity practices have NCSC certified services.
Equal opportunity

Equal opportunity

Cyberfort is an equal opportunities employer and commits to supporting Equal Opportunities through Social Value. We value people as individuals with diverse opinions, cultures, lifestyles and circumstances. All employees are covered by our Equality & Diversity policy and it applies to all areas of employment including recruitment, selection, training, deployment, career development, and promotion. These areas are monitored, and policies and practices are amended, to ensure that no unfair or unlawful discrimination, intentional, unintentional, direct or indirect, overt or latent exists. As part of our ambition to be a Neurodiversity Smart employer, we will be auditing all our recruitment and selection processes to ensure we are inclusive of neurodivergent individuals.

Specific commitments for example are:
Against MAC 6.2 - We provide training, development and progression opportunities to all staff to support in-work progression. We are committed to ensuring that each employee/contractor is given the opportunity to develop within the organization, in accordance with ability, ambition and opportunities available. As a commitment to people, Cyberfort encourages everyone to reach the fullest potential with opportunities available. We have recently launched an internal mentoring scheme, connecting employees with experienced professionals who can support them with their professional journeys.

Against MAC 6.3 - While Cyberfort is not required under S.54 of the Modern Slavery Act 2015 to have an Anti-Slavery Policy, we feel passionately that we must act ethically and transparently in every situation and consequently have set out the steps that we have taken, and are continuing to take, to ensure that modern slavery or human trafficking is not taking place within our business or supply chain. Modern slavery encompasses slavery, servitude, human trafficking and forced labour. We have a zero–tolerance approach to any form of modern slavery.


Cyberfort fully supports and is committed to supporting Wellbeing, for example against MAC 7.1, we have understood the issues relating to health and wellbeing, including physical and mental health and have the delivered the following to support our workforce:

Mental Health First Aiders – We have 9 fully trained Mental Health First Aiders within our workforce. They are a point of contact and reassurance for any person who may experience a mental health issue of emotional distress, offering an ear, cuppa and support and where needed signpost people to the appropriate services for further support.

Awareness Days – Through awareness we can support one another. We have organised and promoted events for the workforce, for example in February we offered a Free Webinar ‘5 ways to increase your happiness in 2022’ with Dr Andy Cope (the doctor of happiness) and we will be supporting Mental Health week in May with various activities each day.

Wellbeing Page - We have a Wellness Page on Cyberfort’s SharePoint that provides information on support available from Cyberfort, our Mental Health First Aiders, and links around advice from other organisations such as:
• Working from home - a Wellness Action Plan by Mind
• Every Mind Matters One You by the NHS
• App for meditation and relaxation by Calm
• 5 steps to mental wellbeing by the NHS


£100 an instance a month
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.