Updated on 2025-12-18 GMT+08:00

Enabling the VPC Border Firewall and Ensuring the Traffic Passes Through CFW

A new firewall is disabled by default. Traffic passes through the enterprise router without being forwarded to the new firewall. You can enable a VPC border firewall as needed.

Enabling a VPC Border Firewall

  1. Log in to the CFW console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. (Optional) Switch to another firewall instance. Select a firewall from the drop-down list in the upper left corner of the page.
  4. In the navigation pane, choose Assets > Inter-VPC Border Firewalls.
  5. Click Enable Protection to the right of Firewall Status.
  6. Click OK.

Verifying That Traffic Passes Through CFW

  1. Generate traffic. For details, see Verifying Network Connectivity.
  2. View logs. In the navigation pane, choose Log Audit > Log Query. Click the Traffic Logs tab and click VPC Border Firewall.

References

For details about how to disable VPC border protection, see Disabling VPC Border Protection.

Follow-up Operations

  • For details about how to add a protected VPC, see Adding a Protected VPC.
  • For details about how to view the traffic trend and statistics of CFW, see Traffic Analysis. For details about traffic records, see Traffic Logs.
  • After protection is enabled, all traffic is allowed by default. CFW will block traffic based on the policies you configure.
    Table 1 Configuring a policy

    Purpose: Control traffic
    Operation Guide: You can configure protection policies to control traffic.

    • Allow or block traffic based on protection rules.
      • Traffic allowing rule: The allowed traffic will be checked by functions such as intrusion prevention system (IPS) and antivirus.
      • Traffic blocking rule: Traffic will be directly blocked.
    • Allow or block traffic based on the blacklist and whitelist:
      • Whitelist: Traffic will be directly allowed without being checked by other functions.
      • Blacklist: Traffic will be directly blocked.

    For details, see Configuring Protection Rules to Block or Allow VPC Border Traffic or Adding Blacklist or Whitelist Items to Block or Allow Traffic.

    Purpose: Block network attacks
    Operation Guide: You can configure intrusion prevention. For details, see Configuring Basic IPS Protection.