Creating a Firewall (VPC Mode)
A VPC border firewall can collect statistics on the traffic between VPCs, helping you detect abnormal traffic. This section describes how to create a VPC border firewall.
Constraints
Only the professional edition supports VPC border firewalls.
Procedure
- Log in to the management console.
- Click in the upper left corner of the management console and select a region or project.
- In the navigation pane on the left, click and choose . The Dashboard page will be displayed.
- (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click View in the Operation column of a firewall to go to its details page.
- In the navigation pane, choose Assets > Inter-VPC Border Firewalls.
- Click Create Firewall.
- Configure a CIDR block. An inspection VPC will be automatically created by default.
Figure 1 Network planning
Pay attention to the following restrictions during network planning:
- After a firewall is created, its CIDR block cannot be modified.
- The CIDR block must meet the following requirements:
  - Only private network address segments (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16) are supported. Otherwise, route conflicts may occur in public network access scenarios, such as SNAT.
  - The CIDR block 10.6.0.0/16-10.7.0.0/16 is reserved for CFW and cannot be used.
  - This CIDR block cannot overlap with the private CIDR block to be protected, or routing conflicts and protection failures may occur.
- Click OK.