Updated on 2024-11-27 GMT+08:00

Overview

Cloud Firewall (CFW) provides traffic protection for cloud services at the Internet border, VPC border, and NAT gateway.

This section describes the configuration processes in different scenarios.

Internet Border Traffic Protection

Procedure: Purchasing CFW
Description: Purchase a CFW instance in the region where you want to protect traffic.
Reference: Purchasing CFW

Procedure: Enabling EIP protection
Description: Enable protection for one or more EIPs. CFW protects Internet border traffic by protecting EIPs.
Reference: Enabling EIP Protection

Procedure: Configuring protection policies
Description: By default, CFW allows all traffic. You need to configure protection policies to protect traffic.
The following protection policies are provided:
  • Protection rules: You can set rules to control traffic by IP address, IP address group, region, or domain name.
  • Blacklist/Whitelist: Traffic is controlled based on specific rules configured for IP addresses and IP address groups. Traffic that matches the whitelist is directly allowed without being checked by other functions.
  • Intrusion prevention: Network attacks are blocked based on multiple IPS rule databases.
  • Antivirus: Virus-infected files are blocked based on protocol types.
Reference:
  Protection rules:
  Blacklist/Whitelist:
  Intrusion prevention:
  Antivirus:

Procedure: Checking logs
Description: View the traffic protection outcomes in logs.
Reference: Viewing Logs

Example scenarios:

VPC Border Traffic Protection

Procedure: Purchasing CFW
Description: Purchase a CFW instance in the region where you want to protect traffic.
Reference: Purchasing CFW

Procedure: Enabling VPC protection
Description: Enable protection for two or more VPCs. CFW protects VPC border traffic by protecting the VPCs.

Procedure: Configuring protection policies
Description: By default, CFW allows all traffic. You need to configure protection policies to protect traffic.
The following protection policies are provided:
  • Protection rules: You can set rules to control traffic by IP address, IP address group, region, or domain name.
  • Blacklist/Whitelist: Traffic is controlled based on specific rules configured for IP addresses and IP address groups. Traffic that matches the whitelist is directly allowed without being checked by other functions.
  • Intrusion prevention: Network attacks are blocked based on multiple IPS rule databases.
  • Antivirus: Virus-infected files are blocked based on protocol types.
Reference:
  Protection rules:
  Blacklist/Whitelist:
  Intrusion prevention:
  Antivirus:

Procedure: Checking logs
Description: View the traffic protection outcomes in logs.
Reference: Viewing Logs

Example scenarios:

Configure CFW protection rules to control inter-VPC traffic. For details, see .

NAT Gateway Traffic Protection

Procedure: Purchasing CFW
Description: Purchase a CFW instance in the region where you want to protect traffic.
Reference: Purchasing CFW

Procedure: Enabling VPC (NAT) protection
Description: Enable protection for two or more VPCs. CFW protects the traffic of the NAT gateway by protecting the VPC where the NAT gateway resides.

Procedure: Configuring protection policies
Description: By default, CFW allows all traffic. You need to configure protection policies to protect traffic.
The following protection policies are provided:
  • Protection rules: You can set rules to control traffic by IP address, IP address group, region, or domain name.
  • Blacklist/Whitelist: Traffic is controlled based on specific rules configured for IP addresses and IP address groups. Traffic that matches the whitelist is directly allowed without being checked by other functions.
  • Intrusion prevention: Network attacks are blocked based on multiple IPS rule databases.
  • Antivirus: Virus-infected files are blocked based on protocol types.
Reference:
  Protection rules:
  Blacklist/Whitelist:
  Intrusion prevention:
  Antivirus:

Procedure: Checking logs
Description: View the traffic protection outcomes in logs.
Reference: Viewing Logs

Example scenarios:

Configure CFW protection rules to control NAT gateway traffic. For details, see
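
Two behaviours stated in each procedure above deserve a pre-deployment review: CFW allows all traffic by default, and whitelisted traffic is allowed without being checked by the other functions. The following is an added example, not Huawei Cloud code: the policy layout, the finding names, the 256-address threshold and the goal of an explicit catch-all deny rule are assumptions, and all addresses are constructed.

```python
import ipaddress

# Constructed sample policy. The dict layout is hypothetical, not a CFW export format.
POLICY = {
    "whitelist": ["203.0.113.10/32", "198.51.100.0/24", "10.0.0.0/8"],
    "blacklist": ["198.51.100.77/32", "192.0.2.0/24"],
    "rules": [
        {"name": "allow-web", "source": "0.0.0.0/0",
         "destination": "10.1.0.5/32", "action": "allow"},
        {"name": "deny-db", "source": "0.0.0.0/0",
         "destination": "10.1.0.9/32", "action": "deny"},
    ],
}

MAX_WHITELIST_ADDRESSES = 256  # assumed review threshold, tune to your environment
ANY_V4 = ipaddress.ip_network("0.0.0.0/0")


def audit(policy, max_addrs=MAX_WHITELIST_ADDRESSES):
    """Return a list of (finding, detail) tuples for risky policy settings."""
    findings = []
    white = [ipaddress.ip_network(c) for c in policy["whitelist"]]
    black = [ipaddress.ip_network(c) for c in policy["blacklist"]]
    for w in white:
        # Whitelisted traffic skips IPS and antivirus, so broad ranges need review.
        if w.num_addresses > max_addrs:
            findings.append(("BROAD_WHITELIST", str(w)))
        # An address on both lists is a conflict to resolve by hand.
        for b in black:
            if w.version == b.version and w.overlaps(b):
                findings.append(("WHITELIST_BLACKLIST_OVERLAP", f"{w} vs {b}"))
    # With a default of allow-all, traffic that matches no rule is permitted
    # unless some rule explicitly denies any-to-any.
    has_catch_all_deny = any(
        r["action"] == "deny"
        and ipaddress.ip_network(r["source"]) == ANY_V4
        and ipaddress.ip_network(r["destination"]) == ANY_V4
        for r in policy["rules"]
    )
    if not has_catch_all_deny:
        findings.append(("NO_CATCH_ALL_DENY",
                         "unmatched traffic falls through to the default allow"))
    return findings


if __name__ == "__main__":
    for finding, detail in audit(POLICY):
        print(f"{finding}: {detail}")
```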