Updated on 2022-09-29 GMT+08:00

What Is CFW?

Cloud Firewall (CFW) is a next-generation cloud-native firewall. It protects Internet and VPC borders on the cloud through real-time intrusion detection and prevention, global unified access control, full traffic analysis, log audit, and tracing. CFW employs AI for intelligent defense and can be elastically scaled to meet changing business needs, helping you easily handle security threats. CFW provides basic network security protection for your workloads on the cloud.

Intelligent Defense

CFW has integrated Huawei Cloud/security capabilities and Huawei network threat intelligence. Its AI intrusion prevention engine can detect and block malicious traffic in real time. It works with other security services globally to defend against Trojans, worms, injection attacks, vulnerabilities, phishing, and brute-force attacks.

High Scalability

CFW can implement fine-grained traffic control on Internet borders, between VPCs, and between ECSs, preventing intrusions, internal penetration attacks, and unauthorized access from inside your network to the Internet. The CFW cluster is deployed in high availability mode. You can increase your bandwidth, EIPs, and security policies without limit, safeguarding your network even under heavy traffic.

Easy-to-Use Application

As a cloud-native firewall, CFW is easy to enable. It can import multi-engine security policies with a few clicks and automatically check assets within seconds, and it provides a UI for performing operations, greatly improving management and defense efficiency.

Supported Access Control Policies

  • Access control based on the 5-tuple (source IP address, source port, destination IP address, destination port, and protocol)
  • Access control based on the domain name
  • Access control based on the intrusion prevention system (IPS). The IPS works in observation or block mode. In block mode, CFW detects and blocks traffic that matches the IPS rules. For details, see Adding a Protection Rule.
  • ACL access control policies set for IP address groups, blacklists, and whitelists