Associating a Protected VPC with the Firewall

Constraints

Before disassociating a protected VPC from a firewall, delete the route pointing to the firewall in Configuring VPC Routes.

Associating a Protected VPC with the Firewall

1. Log in to the management console.
2. Click in the upper left corner of the management console and select a region or project.
3. In the navigation pane on the left, click and choose Security & Compliance > Cloud Firewall. The Dashboard page will be displayed.
4. (Optional) Switch to another firewall instance. Select a firewall from the drop-down list in the upper left corner of the page.
5. In the navigation pane, choose Assets > Inter-VPC Border Firewalls.
6. In the Operation column of a VPC, click Associate Firewall.
7. On the Associate Firewall page, configure the following parameters.

   Table 1 Parameters for adding a protected VPC

   Parameter		Description
   VPC Information	Protection Type	The value cannot be changed. The default value VPC is used.
   	VPC	Name and CIDR block of the protected VPC.
   Firewall Route	Destination Address	By default, the CIDR block of the selected VPC is used. You can modify the CIDR block or click Add to add a CIDR block.
   	Next Hop Type	The value cannot be changed. The default value is VPC peering.
   	Next Hop	The value cannot be changed. The VPC uses this VPC peering connection to forward traffic to the firewall.
   	Description	(Optional) Enter the description of the VPC.
   Route	Configure VPC route	If it is selected, the routes pointing to 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 and whose next hop type is a firewall peering connection will be added to all the route tables of the VPC. CAUTION: Before selecting it, confirm that it will not affect your network.

8. Click OK to associate the protected VPC with the firewall.

Follow-up Operations

After VPCs are associated, perform the operations in Configuring VPC Routes to add routes.

Related Operations

Disassociating a VPC from the firewall: If an associated VPC no longer needs to be protected, disassociate it from the firewall. Perform the following operations:

• If an associated VPC no longer needs to be protected, disassociate it from the firewall. Perform the following operations:
  1. On the Inter-VPC Border Firewalls page of CFW, click Disassociate in the Operation column of a VPC.
  2. In the confirmation dialog box, click OK.
     

     If a VPC has a route whose next hop is the peering connection created by the firewall, the VPC cannot be deleted. To delete this VPC, delete the route first.