- What's New
- Function Overview
- Service Overview
- Billing
- Getting Started
-
User Guide
- Creating a User Group and Granting Permissions
- Checking the Dashboard
- Purchasing and Changing the Specifications of CFW
- Enabling Internet Border Traffic Protection
- Enabling VPC Border Traffic Protection
- Enabling NAT Gateway Traffic Protection
-
Configuring Access Control Policies to Control Traffic
- Access Control Policy Overview
- Configuring Protection Rules to Block or Allow Traffic
- Adding Blacklist or Whitelist Items to Block or Allow Traffic
- Viewing Protection Information Using the Policy Assistant
- Managing Access Control Policies
- Managing IP Address Groups
- Domain Name Management
- Service Group Management
- Attack Defense
- Viewing Traffic Statistics
- Viewing CFW Protection Logs
- System Management
- Permissions Management
- Using Cloud Eye to Monitor CFW
- CTS Auditing
-
Best Practices
- CFW Best Practice Summary
- Purchasing and Querying CFW via API
- Migrating Security Policies to CFW in Batches
- Configuration Suggestions for Using CFW with WAF, Advanced Anti-DDoS, and CDN
- Allowing Internet Traffic Only to a Specified Port
- Allowing Outbound Traffic from Cloud Resources Only to a Specified Domain Name
- Using CFW to Defend Against Network Attacks
- Configuring a Protection Rule to Protect Traffic Between Two VPCs
- Configuring a Protection Rule to Protect SNAT Traffic
- Using CFW to Protect Enterprise Resources
- Using CFW to Protect EIPs Across Accounts
- Using CFW to Protect VPCs Across Accounts
-
API Reference
- Before You Start
- API Overview
- API Calling
-
API
-
Firewall Management
- Creating a Firewall
- Obtaining the Status of a CFW Task
- Deleting a Firewall
- Querying the Firewall List
- Changing the East-West Firewall Protection Status
- Querying Firewall Details
- Obtaining East-West Firewall Information
- Creating an East-West Firewall
- Querying the Number of Protected VPCs
- Creating a Tag
- Deleting a Tag
- EIP Management
-
ACL Rule Management
- Creating an ACL Rule
- Deleting an ACL Rule
- Deleting ACL Rules in Batches
- Deleting the Number of Rule Hits
- Updating an ACL Rule
- Updating Rule Actions in Batches
- Setting the Priority of an ACL Protection Rule
- Querying a Protection Rule
- Querying Rule Tags
- Obtaining the Number of Rule Hits
- Viewing the Region List
- Checking the ACL Import Status
- Blacklist/Whitelist Management
- Address Group Management
- Service Group Management
-
Domain Name Resolution and Domain Name Group Management
- Adding a Domain Name Group
- Deleting a Domain Name Group
- Updating a Domain Name Group
- Updating the DNS Server List
- Querying the Domain Name Group List
- Querying the DNS Server List
- Querying an IP Address for Domain Name Resolution
- Obtain the list of domain names in a domain name group
- Adding a Domain Name List
- Deleting a Domain Name List
- Viewing Domain Group Details
- Obtaining the DNS Resolution Result of a Domain Name
- Deleting Domain Groups in Batches
- IPS management
- Log Management
- Packet Capture Management
- Antivirus Management
- Alarm Configuration Management
- Tag Management
- IPS Management
-
Firewall Management
- Appendix
- SDK Reference
-
FAQs
-
About the Product
- Does CFW Support Off-Cloud Servers?
- What Are the QPS, New Connections, and Concurrent Connections Supported by CFW?
- Can CFW Be Shared Across Accounts?
- What Are the Differences Between CFW and WAF?
- What Are the Differences Between CFW, Security Groups, and Network ACLs?
- How Does CFW Control Access?
- What Are the Priorities of the Protection Settings in CFW?
- Can WAF, Advanced Anti-DDoS, and CFW Be Deployed Together?
- Can CFW Protect Resources Across Enterprise Projects?
- How Long Are CFW Logs Stored by Default?
- Regions and AZs
-
Troubleshooting
- What Do I Do If Service Traffic is Abnormal?
- Why Are Traffic and Attack Logs Incomplete?
- Why Does a Protection Rule Not Take Effect?
- What Do I Do If IPS Blocks Normal Services?
- Why Is No Data Displayed on the Access Control Logs Page?
- Why Is the IP Address Translated Using NAT64 Blocked?
- Why Some Permissions Become Invalid After a System Policy Is Granted to an Enterprise Project?
- What Do I Do If a Message Indicating Insufficient Permissions Is Displayed When I Configure LTS Logs?
-
Network Traffic
- How Do I Calculate the Number of Protected VPCs and the Peak Protection Traffic at the VPC Border?
- How Does CFW Collect Traffic Statistics?
- What Is the Protection Bandwidth Provided by CFW?
- What Do I Do If My Service Traffic Exceeds the Protection Bandwidth?
- What Are the Differences Between the Data Displayed in Traffic Trend Module and the Traffic Analysis Page?
- How Do I Verify the Validity of an Outbound HTTP/HTTPS Domain Protection Rule?
- How Do I Obtain the Real IP Address of an Attacker?
- What Do I Do If a High Traffic Warning Is Received?
-
About the Product
- Videos
-
More Documents
-
User Guide (Ankara Region)
- Product Overview
- Checking the Dashboard
- Creating Cloud Firewall
- Enabling Internet Border Traffic Protection
- Enabling VPC Border Traffic Protection
-
Configuring Access Control Policies to Control Traffic
- Access Control Policy Overview
- Configuring Protection Rules to Block or Allow Traffic
- Adding Blacklist or Whitelist Items to Block or Allow Traffic
- Viewing Protection Information Using the Policy Assistant
- Managing Access Control Policies
- Managing IP Address Groups
- Domain Name Management
- Service Group Management
- Attack Defense
- Viewing Traffic Statistics
- Viewing CFW Protection Logs
- System Management
-
FAQs
-
About the Product
- Does CFW Support Off-Cloud Servers?
- What Are the QPS, New Connections, and Concurrent Connections Supported by CFW?
- Can CFW Be Shared Across Accounts?
- What Are the Differences Between CFW and WAF?
- What Are the Differences Between CFW, Security Groups, and Network ACLs?
- How Does CFW Control Access?
- What Are the Priorities of the Protection Settings in CFW?
- Can WAF and CFW Be Deployed Together?
- Troubleshooting
- Network Traffic
-
About the Product
- Change History
- API Reference (Ankara Region)
-
User Guide (Ankara Region)
- General Reference
Cloud Firewall
Cloud Firewall (CFW) is a next-generation cloud-native firewall. It protects Internet and VPC borders on the cloud by real-time intrusion detection and prevention, global unified access control, and full traffic analysis.
Progressive Knowledge
ECS knowledge for users from beginner level to expert level
01
![](https://support.huaweicloud.com/intl/en-us/cfw/files/6408a53924b4fe2ce61efbe2e6090785.jpg)
Understand
Learn what is CFW, its features and editions, and when you will need them.
Service Overview
03
![](https://support.huaweicloud.com/intl/en-us/cfw/files/6408a53924b4fe2ce61efbe2e6090785.jpg)
Start
After creating an ECS, you can log in to it and initialize data disks in multiple ways to start your ECS.
Enabling Protection
Configuring a Protection Policy
05
![](https://support.huaweicloud.com/intl/en-us/cfw/files/6408a53924b4fe2ce61efbe2e6090785.jpg)
Deploy
Use CFW to routinely check and handle security risks, protecting your cloud border.
Best Practices About Security Configurations
02
![](https://support.huaweicloud.com/intl/en-us/cfw/files/6408a53924b4fe2ce61efbe2e6090785.jpg)
Purchase
Learn how to choose, purchase HSS editions and how much you will be charged.
Specifications
How to Buy
04
![](https://support.huaweicloud.com/intl/en-us/cfw/files/6408a53924b4fe2ce61efbe2e6090785.jpg)
Be a Power User
You can configure intrusion prevention policies, the blacklist, and the whitelist, and increase quota to protect more EIPs. You can also adjust protection policies based on real-time protection logs and event statistics.
Common Operations
FAQs
Learn more about common issues and solutions.
Typical Cases
About CFWs
Technical Topics
Technologies, expert opinions, and courses