Function Overview

Cloud Firewall (CFW) is a next-generation cloud-native firewall. It protects Internet and VPC borders on the cloud by real-time intrusion detection and prevention, global unified access control, full traffic analysis, log audit, and tracing. CFW employs AI for intelligent defense, and can be elastically scaled to meet changing business needs, helping you easily handle security threats.

After the EIP information is synchronized and EIP is enabled, the system automatically checks the security of your cloud assets and can provide protection for external services within seconds.

Inter-VPC protection detects and controls traffic communication between two VPCs, and provides asset protection, access control, full traffic analysis, and intrusion prevention between VPCs.

Configure a proper access control policy for fine-grained management of the traffic exchanged between internal servers and the external network, preventing the spread of internal threats and enhancing security.

You can configure a blacklist to block specific IP addresses, and can configure a whitelist to allow access from specific IP addresses.

An IP address group contains multiple IP addresses. An IP address group frees you from repeatedly modifying access rules and simplifies security group rule management.

A service group is a collection of services (protocols, source ports, and destination ports). A service group frees you from repeatedly modifying access rules and simplifies security group rule management.

Configure the intrusion prevention mode to detect, log, and block attack traffic. CFW basic defense functions are developed based on years of cybersecurity practices, checking the access traffic to your assets and protecting them from common network attacks.

Basic defense functions scan traffic for attacks, threats, and vulnerabilities, such as phishing, Trojans, worms, hacker tools, spyware, password attacks, vulnerability attacks, SQL injection attacks, XSS attacks, and web attacks. CFW can also check for exceptions in protocols, buffer overflow, access control, and suspicious DNS activities.

The anti-virus function identifies and processes virus files through virus feature detection to prevent data damage, permission change, and system breakdown caused by virus files.

The antivirus function can check access via HTTP, SMTP, POP3, FTP, IMAP4, and SMB.

Alarm Notification: If you configure attack alarms and high traffic warnings, CFW will send IPS attack logs and high traffic warnings by using the notification method (such as email or SMS) you configured.

Network Packet Capture: You can create network packet capture tasks to locate network faults and attacks.

Multi-Account Management: If the accounts in your organization are centrally managed, you can use CFW to protect the EIPs of all member accounts in the organization in a unified manner.

You can check attack event logs, access control logs, and traffic logs, including the attack time, attack type, risk level, source port, source IP address, destination IP address, and destination port.

After EIP protection is enabled, you can increase the number of protected EIPs on the console.