Updated on 2025-07-23 GMT+08:00

Creating a Firewall (VPC Mode)

A VPC border firewall can collect statistics on the traffic between VPCs, helping you detect abnormal traffic. This section describes how to create a VPC border firewall.

Constraints

  • Only the professional edition supports VPC border firewalls.

Creating a Firewall (VPC Mode)

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. In the navigation pane on the left, click and choose Security & Compliance > Cloud Firewall. The Dashboard page will be displayed.
  4. (Optional) Switch to another firewall instance. Select a firewall from the drop-down list in the upper left corner of the page.
  5. In the navigation pane, choose Assets > Inter-VPC Border Firewalls.
  6. Click Create Inter-VPC Firewall.
  7. In the displayed dialog box, set Route type to VPC, and click Next.
  8. Configure a CIDR block. An inspection VPC will be automatically created by default.

    Figure 1 Network planning

    Pay attention to the following restrictions during network planning:

    • After a firewall is created, its CIDR block cannot be modified.
    • The CIDR block must meet the following requirements:
      • Only private network address segments (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16) are supported. Otherwise, route conflicts may occur in public network access scenarios, such as SNAT.
      • The CIDR block 10.6.0.0/16-10.7.0.0/16 is reserved for CFW and cannot be used.
      • This CIDR block cannot overlap with the private CIDR block to be protected, or routing conflicts and protection failures may occur.

  9. Click OK.

Follow-up Operations

After the firewall is created, associate the VPC with the firewall by referring to Associating a Protected VPC with the Firewall.