Updated on 2024-11-04 GMT+08:00

Viewing a Predefined Address Group

CFW provides you with predefined address groups, including NAT64 Address Set and WAF_Back-to-Source_IP_Addresses. You are advised to allow access from both the address groups.

  • NAT64 Address Set: If the IPv6 EIP function is enabled, CFW will convert a source IPv6 address to an IP address in this address group. For details about the IPv6 EIP function, see Assigning or Releasing an IPv6 EIP.

    If you have enabled the IPv6 EIP function, you are advised to allow traffic from NAT64 Address Set.

  • WAF_Back-to-Source_IP_Addresses: provides back-to-source IP addresses of WAF in cloud mode. For more information, see What Are Back-to-Source IP Addresses?
    • If these groups are specified in a protection rule and the back-to-source IP address changes, you do not need to manually update the rule. The firewall automatically updates the IP address in the address group every day.
    • If these groups are added to the blacklist or whitelist, and the back-to-source IP address changes, you need to manually update the blacklist or whitelist.

You can only view predefined address groups, but cannot add IP addresses to it, or modify or delete it.

Viewing a Predefined Address Group

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. In the navigation pane on the left, click and choose Security & Compliance > Cloud Firewall. The Dashboard page will be displayed.
  4. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click View in the Operation column of a firewall to go to its details page.
  5. In the navigation pane, choose Access Control > Object Groups.
  6. Click the IP Address Groups tab. Click the Pre-defined Address Groups tab and click the name of an address group. On the details page that is displayed, view the address group information.