Container Firewall

Secure containerized workloads with network security controls for hybrid and multi cloud Kubernetes environments.

Zero-Trust Explainer Video


Improves the network security posture of containerized workloads across multi-cluster, multi-and hybrid cloud environments

Protect Outbound Traffic

Secure workload access to external resources with advanced network policies and egress gateways

Prevent Lateral Movement of Threats

Enforce Zero-trust policies to restrict east-west traffic between untrusted pods

Detect and Block Attacks

Prevent network-based attacks from malicious sources at the granular workload-level

Trusted by Customers Worldwide

Calico is the chosen active security platform for enterprises small and large

Solution Architecture

Secure Outbound Traffic

Deploy granular, zero-trust workload access controls from individual pods in Kubernetes clusters to external resources, including databases, internal applications, 3rd-party cloud APIs, and SaaS applications.

Secure pods using fine-grained DNS egress policies and NetworkSets.

Learn More

Egress Gateway

Identify the traffic source from a Kubernetes cluster at the namespace or pod level to enforce traffic policies using existing network security tools such as perimeter firewalls.

Assign a fixed, routable IP to a Kubernetes namespace to identify workloads running within that namespace.

Learn More

Network Visibility

Get complete network topology and traffic visibility with a graph-based visualization of your Kubernetes deployments. Troubleshoot security and compliance gaps, connectivity breakdowns, anomalous behavior, and security policy violations.

Learn More

Intrusion Detection and Prevention

Protect against data exfiltration and malware attacks by blocking communication to known malicious IPs, domains, and VPNs by ingesting global threat intelligence feeds.

Stop zero-day attacks with heuristics-based learning of anomalous network activity. Apply deep-packet inspection (DPI) to selective workloads to detect suspicious activity.

Detect and prevent OWASP Top 10 attacks with workload-centric web application firewall (WAF). Intercept DDoS attacks by blocking requests from malicious IPs.

Learn More

Application-Layer Policy

Apply security controls at the application level to secure pod-to-pod traffic, including HTTP methods and URL paths. Eliminate the operational complexity of deploying an additional service mesh.

Gain application-layer visibility into service-to-service communication.

Learn More

Dynamic Microsegmentation

Achieve workload isolation based on environments, application tiers, compliance needs, user access, and individual workload requirements. Get automatic and continuous policy recommendations for namespace-based isolation.

Enforce consistent segmentation policies across the environment.

Learn More

Security Policy Management

Collaboratively author, stage, preview, enforce, and manage security policies with Calico’s unified policy framework. Test policy before deployment using staged policies. Deploy policies in hierarchical policy tiers based on roles and permissions to ensure consistent enforcement of policies. The manager UI has a policy board so teams can easily view and manage all active and inactive security policies in the Kubernetes cluster.

Learn More

Microsoft Azure and AWS Marketplace Ready

Getting started with Calico and AWS or Microsoft Azure is easy. Everything you need to get up and running is available on AWS marketplace and Azure marketplace.

Customer Testimonial

Here’s what our customers are saying about us

Calico is critical for multi-tenant clusters that require microsegmentation and isolation.
Mohan Atreya
Senior VP of Product and Solutions,
Learn More
Read Customer Stories

Featured Resources

Developer-created resources to help you secure your Kubernetes deployment


Transforming container network security with Calico Container Firewall

Network security for containers and Kubernetes needs a new approach for hybrid, multi-cloud environments.
Read More

Microsegmentation Datasheet

Scalable, unified microsegmentation for cloud-native workloads across all of your environments.
Read More

Evaluating container firewalls for Kubernetes network security

Can NGFW container firewalls protect cloud-native applications?
Read More
All Resources

Ready to Get Started?

Start a free trial or contact us to see Calico in action