In spirit of “defense in depth”, more filtering layer more secure which is a real demand of customer to protect their application. So this short talk will bring up new weapon for firewall as a service in neutron network: L7 firewall API. In this session we will answer a question: “Why L7 firewall API is good for your cloud?”. As a standard firewall may only allow HTTP traffic on TCP port 80, but SQL injection attacks will be allowed through as valid HTTP request. How do we protect customer app? OK. let's discuss about: How does L7 firewall API look like? Which protocols L7 firewall API will support? HTTP over TCP only? How to implement L7 firewall API? iptables or bpf? Future of firewall. Last but not least, demo as demand.