In an example, a computing system is configured to monitor for changes to a cloud environment that includes a configuration management system and one or more nodes to operate one or more first host-based firewall configurations, respectively, the host-based firewall configuration(s) generated based on code provided by the configuration management system; in response to a detection of a change, increment a version count associated with the cloud environment; identify a request from one of the nodes, the request including version information for a corresponding one of the host-based firewall configuration(s); compare the version information from the request to a current value of the version count; and in response to the comparison indicating a mismatch, control the node associated with the request to converge with the configuration management system to cause the node associated with the request to operate with a second host-based firewall configuration.