When I set up some application in my home environment, to access that application from outside over the internet I need to open ports in my router. So if I host an application in a rented data center, does it require the same? I am not talking about opening ports in my server firewall; it is about the router firewall. If it is required, who does this configuration, or do I need to put in a request to the data center to open ports for my application?
2 Answers
Generally, when you host in a DC you only need to configure the firewall on your server. However, some cloud providers (AWS for example) also have an upstream firewall that you need to configure.

Many hosting providers will primarily use their routers to route traffic and will give you an effectively unfiltered direct internet uplink and a firewall would be an additional appliance/service that you would need to either activate or order specifically (possibly at additional cost).
Other providers may offer to default to a secure configuration and will deny all traffic until you explicitly allow it.
If either is the case typically you will also get the ability to directly configure the rule sets or the firewall itself.
But which services the hosting provider offers should be clear on either the sign-up form or the product description.
Admittedly sometimes firewall policies might also be worded differently and hidden a bit in the technical limitations, known issues, the terms and conditions or an acceptable-use-policy. For instance that to prevent abuse a hosting provider will (also) filter ports and/or services for all/specific customers, or that due to design choices/technical limitations some less common protocols (possibly even everything that is not ICMP, UDP or TCP/IP) are not supported.
One of my current providers says, without actually using the word "firewall", the following in their policy:
- Provider is entitled to actively block ports or IP addresses for the Network, in the event that such is – in Provider's reasonable view – necessary to preserve or protect the security and performance of the Network or the Internet or the World Wide Web. An overview of the blocked ports or IP addresses may be requested in writing by Customer from the Provider.
- Without prejudice to the generality of Clause x.y of the Acceptable Use Policy, the Provider shall in any event actively block the following ports for its Network:
  - UDP/137 – Netbios;
  - UDP/139 – Netbios;
  - TCP/135-139 – Netbios;
  - TCP/445 – SMB.
- If Provider reasonably suspects that Customer is subject to or participating in a DoS attack, DDoS attack, DRDoS attack or another attack and (in Provider’s reasonable opinion) such attack negatively affects the Infrastructure, Provider shall be entitled to immediately block access to Customer's infrastructure.

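One way to work out which layer is blocking a port, added here as an example and not part of either answer: probe the port from a machine outside the data center and combine the result with whether the service is listening on the server. The function names and hint wording are assumptions; the blocked-port set is taken from the policy quoted above.

```python
import socket

# TCP ports the quoted acceptable-use policy says the provider always blocks.
AUP_BLOCKED_TCP = set(range(135, 140)) | {445}


def probe(host, port, timeout=3.0):
    """TCP connect from the machine running this script; returns a state string."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"       # a RST came back: something on the path answered
    except socket.timeout:
        return "filtered"     # silently dropped by a firewall somewhere
    except OSError:
        return "unreachable"  # no route, DNS failure, and similar


def diagnose(state, port, listening_on_server):
    """Turn an outside probe result plus an on-server check into a next step.

    listening_on_server: whether the service is bound to the public address,
    as checked on the server itself (assumed to be supplied by the caller).
    """
    if state == "open":
        return "reachable: no further rule needed"
    if port in AUP_BLOCKED_TCP:
        return "port is on the provider's always-blocked list (AUP)"
    if not listening_on_server:
        return "nothing is listening: start or rebind the service first"
    if state == "closed":
        return "rejected with RST: check host firewall reject rules"
    if state == "filtered":
        return "dropped in transit: check host firewall, then provider firewall"
    return "fix routing or DNS before looking at firewalls"


if __name__ == "__main__":
    # Constructed demo: a throwaway loopback listener stands in for the server.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print(port, diagnose(probe("127.0.0.1", port), port, True))
    srv.close()
```

A "filtered" result alone cannot say whether the host firewall or the provider's upstream filter dropped the packet, which is why the hint points at the host rules first and the provider's firewall or security-group settings second.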