Related Services

Identity and Access Management (IAM)

Identity and Access Management (IAM) provides the permission management function for CFW. Only users who have Tenant Administrator permissions can perform operations such as authorizing, managing, and detect cloud assets using CFW. To obtain the permissions, contact the users who have the Security Administrator permissions.

Cloud Trace Service (CTS)

Cloud Trace Service (CTS) generates traces to enable you to get a history of operations performed on CFW, allowing you to query, audit, and backtrack resource operation requests initiated from the management console as well as the responses to those requests.

CTS records operations related to CFW, facilitating your further queries, audits, and retrievals.

Log Tank Service (LTS)

Log Tank Service (LTS) collects log data from servers and cloud services. CFW can record attack event logs, access control logs, and traffic logs to LTS, enabling real-time, efficient, and secure log processing.

Simple Message Notification (SMN)

Simple Message Notification (SMN) provides the message notification function. After you enable notification on CFW, you will receive alarms based on the notification mode you configured if your resources are attacked or the protection traffic exceeds your quota.

Enterprise Management

You can manage multiple projects in an enterprise, separately settle their costs, and assign them to different personnel. A project can be started or stopped independently without affecting others. With Enterprise Management, you can easily manage your projects after creating an enterprise project for each of them.

CFW can be interconnected with Enterprise Management. You can manage CFW resources by enterprise project and grant different permissions to users.

Differences from WAF

CFW and WAF are two different products launched by Huawei Cloud to protect your Internet borders, VPC borders, and web services.

The following table describes the differences between CFW and WAF.

**Table 1** Differences between CFW and WAF
Item	CFW	WAF
Definition	Cloud Firewall (CFW) is a next-generation cloud-native firewall. It protects Internet and VPC borders on the cloud by real-time intrusion detection and prevention, global unified access control, full traffic analysis, log audit, and tracing. It employs AI for intelligent defense, and can be elastically scaled to meet changing business needs, helping you easily handle security threats. CFW is a basic service that provides network security protection for user services on the cloud.	WAF keeps web services stable and secure. It examines all HTTP and HTTPS requests to detect and block the following attacks: Structured Query Language (SQL) injection, cross-site scripting (XSS), web shells, command and code injections, file inclusion, sensitive file access, third-party vulnerability exploits, Challenge Collapsar (CC) attacks, malicious crawlers, and cross-site request forgery (CSRF). For details about WAF, see What Is Web Application Firewall?
Protection	EIP and VPC borders Basic protection against web attacks Defense against external intrusions and protection of proactive connections to external systems	WAF protects web applications on Huawei Cloud and other clouds and on-premises applications through domain names or IP addresses. Comprehensive protection against web attacks
Features	Asset management and intrusion defense: It detects and defends against intrusions into cloud assets that are accessible over the Internet in real time. Access control: You can control access at Internet borders. Traffic Analysis and log audit: CFW controls, analyzes, and visualizes VPC traffic, audits logs, and traces traffic sources.	WAF identifies and blocks a wide range of suspicious attacks, such as SQL injections, XSS attacks, web shell upload, command or code injections, file inclusion, unauthorized sensitive file access, third-party vulnerability exploits, CC attacks, malicious crawlers, and CSRF.