Enabling a VPC Border Firewall

Impacts on Services

Before enabling VPC protection, check whether there is any protection rule or blacklist that blocks all traffic.

• If protection is enabled for a VPC, such a protection rule or blacklist will take effect and block all the traffic of the VPC. This may interrupt services. Before enabling protection, check for persistent connections and services that do not support session reestablishment. If any, handle them first.

  For details about how to edit a protection rule, see Managing Protection Rules. For details about how to edit a blacklist, see Managing the Blacklist and the Whitelist.

• If there is no protection rule or blacklist that blocks all traffic, enabling or disabling VPC protection will not interrupt services.

Enabling a VPC Border Firewall

1. Log in to the management console.
2. Click in the upper left corner of the management console and select a region or project.
3. In the navigation pane on the left, click and choose Security & Compliance > Cloud Firewall. The Dashboard page will be displayed.
4. (Optional) Switch to another firewall instance. Select a firewall from the drop-down list in the upper left corner of the page.
5. In the navigation pane, choose Assets > Inter-VPC Border Firewalls.
6. In the upper part of the page, click Enable Protection next to Firewall Status.
7. In the displayed dialog box, click OK.

Follow-up Operations

To add a protected VPC after a firewall is enabled, perform the operations in Associating a Protected VPC with the Firewall and Configuring VPC Routes.

Related Operations

Disabling the VPC border firewall: You can disable the VPC border firewall if its protection is no longer required. Perform the following operations:

1. On the Inter-VPC Border Firewalls page of CFW, click Disable Protection next to Firewall Status above the protected resource list.
2. In the displayed dialog box, click OK.