Cloud teams move fast! Firewall policy does not.
Most organizations still rely on static IP-based rules, leading to massive backlogs, brittle exceptions, and endless tickets like “Please open X.X.X.X to X.X.X.X:443”.

Why does this happen?

Because when we lift on-premise firewall thinking into the cloud, the model breaks. Even the best Next-Gen Firewalls fail when they are fed static objects instead of dynamic, metadata-driven policy.

In this session, we explore a modern approach to cloud firewalling:
using resource tags and cloud metadata to drive low-risk policy automatically, reducing rule sprawl and freeing firewall teams to focus on what actually matters — protecting critical assets instead of chasing ephemeral workloads.

You’ll learn why traditional rulebases collapse at cloud scale, how metadata can replace thousands of manual rules, and how to build a scalable, vendor-neutral architecture that aligns with Landing Zones and Zero Trust principles.

This talk is practical, opinionated, and entirely vendor-agnostic.
The technology exists in every major NGFW — the difference is how you architect and use it.

This session does not promote any firewall vendor.
All examples are vendor-neutral, focusing on architecture, metadata, and governance rather than product features. The principles apply equally across Azure Firewall, Palo Alto, Fortinet, Check Point, and other NGFW platforms.