Constraints and Limitations
Constraints and Limitations describes the overall constraints of CFW. Function Constraints and Limitations describes the constraints of each function. For details about the differences between editions, see Editions.
Constraints and Limitations
- The CFW ALG tag function is restricted.
- By default, the network-layer defense against DDoS attacks and IP spoofing is disabled on CFW.
- Domain name protection depends on the DNS server you configure. The IP address of a default server may be incorrectly resolved. You are advised to use a custom server.
- To use CFW persistent connections, enable a bidirectional out-of-path policy. If you only enable a unidirectional policy, the client will need to re-initiate connections in certain scenarios, such as enabling or disabling protection, and expanding engine capacities. You can also create a service ticket to evaluate the risks of related issues.
- The maximum bandwidth of a pay-per-use firewall (total traffic that can pass through the firewall) is 1 Gbit/s.
Function Constraints and Limitations
Function |
Constraint and Limitation |
---|---|
HUAWEI Ads Account Registration Place |
CFW can be used in the selected region only. To use CFW in another region, switch to the corresponding region and then purchase it. For details about the regions where CFW can be purchased, see Function Overview. |
Protection rules |
|
Blacklist and whitelist parameters |
|
IP address groups |
|
Service groups |
|
Domain name groups |
URL Filtering (Layer 7 Protocol Parsing)
Address Resolution (Layer 4 Protocol Parsing)
|
Changing the action of a basic protection rule |
|
Customizing IPS signatures |
|
Querying logs |
|
Network packet capture |
|
Configuring DNS resolution |
A maximum of two DNS servers can be customized. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.