Help Center/ Cloud Firewall/ FAQs/ About the Product/ What Traffic Does CFW Protect?
Updated on 2025-07-23 GMT+08:00

What Traffic Does CFW Protect?

CFW is a next-generation cloud native firewall. It can protect the following resources:

  • Internet border: EIP traffic, including inbound (from the Internet to the firewall) and outbound (from the firewall to the Internet) traffic, can be protected.
  • VPC border: The traffic between VPCs, and the traffic between a VPC and an on-premises IDC can be protected. The traffic within a VPC cannot be protected.
  • NAT gateway protection comes in the following scenarios:
    • The EIP bound to a NAT gateway can be protected. Only the traffic of the EIP will be audited.
    • The SNAT and DNAT traffic can be protected (depending on the VPC border firewall) and traffic can be traced to private IP addresses.