Network firewalls for every integration

Metorial's virtual firewalls govern inbound and outbound network traffic for every integration and MCP server. You can enforce per-workload network policy, block exfiltration, and monitor all traffic.

Firewalls

Network policy enforced on every workload

Code with unrestricted network access is a liability, and integrations often run code you didn't write. Metorial's virtual firewalls put a network policy in front of every integration and MCP server, controlling inbound and outbound traffic so each workload reaches only approved destinations, malicious traffic is blocked, and everything on the wire is recorded.

  1. Enforce ingress and egress rules.

    Per-workload firewall rules control which hosts and endpoints an integration can send to and receive from. Traffic is allowlisted rather than open by default.

  2. Block exfiltration and lateral movement.

    Egress filtering stops compromised or malicious code from reaching unauthorized destinations. A single bad workload can't leak data or pivot into other systems.

  3. Inspect and record traffic.

    All network activity is monitored and logged, giving you the detailed traffic visibility needed for security investigations and compliance.

What firewalls cover

Network policy on every workload

  1. Traffic governed: Ingress and egress
  2. Default posture: Allowlist
  3. Applies to: Every integration and MCP server
  4. Traffic: Inspected and logged

Set the network policy. Allowlist every destination. Block exfiltration. Inspect all traffic.

FAQ

Answers to common questions about firewalls and how they fit into governed AI agent infrastructure.

  1. What do Metorial firewalls do?
    They're virtual firewalls that enforce network policy on every integration and MCP server, governing inbound and outbound traffic so each workload can only communicate with the hosts and endpoints you allow.
  2. Yes. Rules can be configured per integration or MCP server. Each one's network access matches what it actually needs instead of a single shared policy.
  3. Yes. Outbound traffic is governed by allowlist rules. An integration can't reach unauthorized destinations. This is what blocks data exfiltration and lateral movement if code is compromised.
  4. Yes. All network activity is monitored and recorded, giving you traffic visibility for security investigations and compliance auditing.
  5. Enclaves provide the isolated runtime, and firewalls enforce the network policy around it. Process isolation and network control work together as one boundary.
  6. Yes. Firewall rules govern network access for first-party integrations, custom MCP servers, remote MCP servers, and Docker MCP servers, including code you didn't write.

Put a network policy in front of every workload

See how Metorial firewalls enforce ingress and egress rules, block exfiltration, and inspect all traffic for every integration. Book a demo, or talk to sales.