Help Center/ Cloud Firewall/ User Guide/ Managing VPC Border Firewalls/ VPC Mode/ Step 2: Manage Protected VPCs
Updated on 2024-01-12 GMT+08:00
View PDF

Step 2: Manage Protected VPCs

After creating a VPC border firewall, you need to associate VPCs with the firewall. For details, see Associating a Protected VPC with the Firewall.

If a VPC does not need to be protected, you can disassociate the VPC from the firewall. For details, see Disassociating a Protected VPC from a Firewall.

Constraints

Before disassociating a protected VPC from a cloud firewall, delete the route pointing to the cloud firewall in Step 3: Configure Routes on the VPC Side.

Associating a Protected VPC with the Firewall

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. In the navigation pane, click and choose Security & Compliance > Cloud Firewall. The Dashboard page will be displayed, as shown in Figure 1.

    Figure 1 CFW Dashboard

  4. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click View in the Operation column to go to the details page.
  5. In the navigation pane, choose Assets > Inter-VPC Border Firewalls.
  6. In the Operation column of a VPC, click Associate Firewall.
  7. On the Associate Firewall page, configure parameters for the protected VPC.

    Table 1 Parameters for adding a protected VPC

    Parameter Name

    Description

    Protection Type

    The value cannot be changed. The default value VPC is used.

    VPC

    Name and CIDR block of the protected VPC.

    Firewall Route

    Protected VPC CIDR Block

    By default, the CIDR block of the selected VPC is used. You can modify the CIDR block or click to add a CIDR block.

    Next Hop Type

    The value cannot be changed. The default value is VPC peering.

    Next Hop

    The value cannot be changed. The VPC uses this VPC peering connection to forward traffic to the firewall.

    Description

    (Optional) Enter the description of the VPC.

    Route

    Configure VPC route

    If it is selected, the routes pointing to 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 and whose next hop type is a firewall peering connection will be added to all the route tables of the VPC.

    CAUTION:

    Before selecting it, confirm that it will not affect your network.

  8. Click OK to associate the protected VPC with the firewall.

Disassociating a Protected VPC from a Firewall

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. In the navigation pane, click and choose Security & Compliance > Cloud Firewall. The Dashboard page will be displayed, as shown in Figure 2.

    Figure 2 CFW Dashboard

  4. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click View in the Operation column to go to the details page.
  5. In the navigation pane, choose Assets > Inter-VPC Border Firewalls.
  6. In the Operation column of a VPC, click Disassociate.
  7. In the confirmation dialog box, click OK.

    If a VPC has a route whose next hop is the peering connection created by the firewall, the VPC cannot be deleted. To delete this VPC, delete the route first.

Follow-up Operations

After a VPC is added, perform the operations in Step 3: Configure Routes on the VPC Side.

Parent topic: VPC Mode