Function
CFW provides the standard and professional editions to implement access control, attack defense, traffic analysis, and log audit.
Edition |
Billing Mode |
Protected Object |
Description |
---|---|---|---|
Basic edition |
Yearly/Monthly |
EIP |
|
Standard |
Yearly/Monthly |
EIP |
|
Professional |
|
|
|

The meanings of the symbols in the table are as follows:
- √: The function is included in the current edition.
- x: The function is not included in the current edition.
Dashboard
Dashboard displays the overall protection and security policy configuration of cloud assets, helping you learn the security status of assets.
Function |
Description |
Standard |
Professional (Yearly/Monthly) |
Professional (Pay-per-Use) |
---|---|---|---|---|
Dashboard |
The Dashboard page displays the security protection status of cloud assets in real time, helping you comprehensively understand security risks such as attack events and abnormal traffic. |
√ |
√ |
√ |
Asset Management
CFW provides security protection for cloud assets, effectively reducing security risks.
Resource Name |
Description |
Standard |
Professional (Yearly/Monthly) |
Professional (Pay-per-Use) |
---|---|---|---|---|
IPv4 |
Protect your IPv4 assets. |
√ |
√ |
√ |
IPv6 |
Protect your IPv6 assets. |
× |
× |
× |
EIP |
CFW protects Internet border traffic by protecting EIPs. |
√ |
√ |
√ |
VPC |
CFW protects traffic for VPCs, enabling traffic protection between VPCs and between IDCs and VPCs on the cloud. |
× |
√ |
√ |
Function |
Standard |
Professional (Yearly/Monthly) |
Professional (Pay-per-Use) |
---|---|---|---|
Protected EIPs |
20 (can be increased to 2000) |
50 (can be increased to 2000) |
1000 (upper limit) |
Protected VPCs |
× |
2 (can be increased to 500) |
20 (upper limit) |
Internet Border Protection Bandwidth |
10 Mbit/s (can be increased to 2,000 Mbit/s) |
50 Mbit/s (can be increased to 2,000 Mbit/s) |
1 Gbit/s |
VPC Border Protection Bandwidth |
× |
200 Mbit/s (can be increased with the number of VPCs) |
Access Control
Access control policies help you control traffic on cloud resources in a refined manner based on specified parameters, such as IP addresses and ports.
Function |
Description |
Standard |
Professional (Yearly/Monthly) |
Professional (Pay-per-Use) |
---|---|---|---|---|
Protection Rule |
You can flexibly manage and control access traffic based on IP addresses, domain names, domain groups, and geographical locations. |
√ |
√ |
√ |
Blacklist and Whitelist |
Accurately controls specific traffic based on 5-tuple. |
√ |
√ |
√ |
Policy Assistant |
You can quickly check protection rule hits and adjust rules in a timely manner. |
√ |
√ |
√ |
Attack Defense
Attack defense provides functions such as network attack defense, virus file blocking, and sensitive directory scanning.
Function |
Description |
Standard |
Professional (Yearly/Monthly) |
Professional (Pay-per-Use) |
---|---|---|---|---|
IPS |
It provides you with basic protection functions, and, with many years of attack defense experience, it detects and protects traffic and effectively protects your assets. It provides threat detection and vulnerability scan based on the built-in IPS rule database. It can scan traffic for phishing, Trojans, worms, hacker tools, spyware, brute-force attacks, vulnerability exploits, SQL injection attacks, XSS attacks, and web attacks. It can also detect protocol anomalies, buffer overflow, access control, suspicious DNS activities, and other suspicious behaviors.
|
√ |
√ |
√ |
Virtual patch |
Hot patches are provided for IPS at the network layer to intercept high-risk remote attacks in real time and prevent service interruption during vulnerability fixing. |
√ |
√ |
√ |
Custom IPS signature database |
If the built-in IPS rule library cannot meet your requirements, you can customize IPS signature rules. CFW will detect threats in traffic based on signatures. HTTP, TCP, UDP, POP3, SMTP and FTP protocols can be configured in user-defined IPS signatures. |
× |
√ |
√ |
Sensitive directories and reverse shells |
|
√ |
√ |
√ |
Antivirus |
The anti-virus function identifies and processes virus files through virus feature detection to prevent data damage, permission changes, and system breakdowns. The antivirus function can check access via HTTP, SMTP, POP3, FTP, IMAP4, and SMB. |
× |
√ |
√ |
Security dashboard |
You can easily check attack defense information on the security dashboard and adjust defense policies in a timely manner. |
√ |
√ |
√ |
Traffic Analysis
Traffic Analysis displays the traffic data protected by the current CFW instance.
Function |
Description |
Standard |
Professional (Yearly/Monthly) |
Professional (Pay-per-Use) |
---|---|---|---|---|
Traffic analysis |
It displays top traffic data of cloud assets based on sessions. |
√ |
√ |
√ |
Log Audit
Log Audit records the details of attack events, hit details of access control policies, and all traffic passing through the firewall.
Function |
Description |
Standard |
Professional (Yearly/Monthly) |
Professional (Pay-per-Use) |
---|---|---|---|---|
Querying Logs |
Logs are retained for seven days, allowing event tracing and analysis. |
√ |
√ |
√ |
Log Management |
Transfer logs to Huawei Cloud Log Tank Service (LTS). You can view logs generated in the last 1 to 365 days. |
√ |
√ |
√ |
System Management
System Management provides functions such as alarm notification, DNS configuration, and security report, helping you manage and maintain the security of cloud assets and detect exceptions in a timely manner.
Function |
Description |
Standard |
Professional (Yearly/Monthly) |
Professional (Pay-per-Use) |
---|---|---|---|---|
Alarm Notification |
CFW allows you to set notifications for events such as attack information and high traffic warnings. After the alarm notification function is enabled, the information will be sent through emails or SMS messages. |
√ |
√ |
√ |
Network Packet Capture |
CFW helps you locate network faults and attacks. |
× |
√ |
√ |
DNS Configuration |
The DNS server resolves and delivers IP addresses. |
√ |
√ |
√ |
Security Reports |
Generates log reports to help you learn about the security status of assets in a timely manner. |
√ |
√ |
√ |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.