Help Center/ Cloud Firewall/ FAQs/ About the Product/ What Traffic Does CFW Protect?

Updated on 2025-07-23 GMT+08:00

View PDF

What Traffic Does CFW Protect?

CFW is a next-generation cloud native firewall. It can protect the following resources:

Internet border: EIP traffic, including inbound (from the Internet to the firewall) and outbound (from the firewall to the Internet) traffic, can be protected.
VPC border: The traffic between VPCs, and the traffic between a VPC and an on-premises IDC can be protected. The traffic within a VPC cannot be protected.
NAT gateway protection comes in the following scenarios:
- The EIP bound to a NAT gateway can be protected. Only the traffic of the EIP will be audited.
- The SNAT and DNAT traffic can be protected (depending on the VPC border firewall) and traffic can be traced to private IP addresses.

Parent topic: About the Product

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel