Updated on 2024-03-08 GMT+08:00

Features

CFW is available in a standard edition and a professional edition. Access control, intrusion prevention, traffic analysis, and log audit are all configured and operated from the console.

Table 1 Features (each item is followed by its description)

Dashboard

View basic information about firewall instances, the resources they protect, and related statistics.

Assets

View and manage the EIPs that CFW protects.

Access Control

Control traffic at the Internet border and between VPCs based on IP addresses, geographic regions, and domain names.
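To make the matching semantics concrete, the following is an added example (not CFW code or its rule engine) of a first-match access-control evaluator keyed on source IP/CIDR, source region, and destination domain. The rule order (first match wins), the default action (deny), the region lookup table, and the rule names are assumptions for illustration; the destination domain is taken as an input, which in practice would have to come from DNS resolution or from the HTTP Host or TLS SNI field.

```python
# Added example: first-match evaluator for border access-control rules.
# Illustrative only; not CFW's rule engine. First-match ordering, the
# default-deny action and the region table below are assumptions.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed region lookup standing in for a geo-IP database (assumption).
REGION_OF_PREFIX = {
    "203.0.113.0/24": "CN",
    "198.51.100.0/24": "US",
}


def region_of(ip: str) -> Optional[str]:
    """Return the region code for an address, or None if it is unknown."""
    addr = ipaddress.ip_address(ip)
    for prefix, region in REGION_OF_PREFIX.items():
        if addr in ipaddress.ip_network(prefix):
            return region
    return None


@dataclass
class Rule:
    name: str
    action: str                       # "allow" or "deny"
    src_cidr: Optional[str] = None    # source IP must fall in this CIDR
    src_region: Optional[str] = None  # source must resolve to this region
    dst_domain: Optional[str] = None  # exact name or "*.suffix" wildcard

    def matches(self, src_ip: str, dst_domain: Optional[str]) -> bool:
        # A rule with no match fields matches everything ("any" rule).
        if self.src_cidr and ipaddress.ip_address(src_ip) not in ipaddress.ip_network(self.src_cidr):
            return False
        if self.src_region and region_of(src_ip) != self.src_region:
            return False
        if self.dst_domain:
            if dst_domain is None:
                return False
            if self.dst_domain.startswith("*."):
                # "*.example.com" matches subdomains only, not the apex name.
                if not dst_domain.endswith(self.dst_domain[1:]):
                    return False
            elif dst_domain != self.dst_domain:
                return False
        return True


def evaluate(rules: List[Rule], src_ip: str, dst_domain: Optional[str] = None) -> Tuple[str, str]:
    """Return (action, rule_name) of the first matching rule; default deny."""
    for rule in rules:
        if rule.matches(src_ip, dst_domain):
            return rule.action, rule.name
    return "deny", "default"


# Constructed rule set (assumption). Order matters: the deny for the
# scanner range sits above the broader region-based allow.
RULES = [
    Rule("block-scanner", "deny", src_cidr="203.0.113.0/24"),
    Rule("allow-partner-api", "allow", src_region="US", dst_domain="*.example.com"),
]

if __name__ == "__main__":
    for src, dom in [("203.0.113.7", "api.example.com"), ("198.51.100.9", "api.example.com"),
                     ("198.51.100.9", "example.com"), ("192.0.2.1", "api.example.com")]:
        print(src, dom, "->", evaluate(RULES, src, dom))
```

The third case shows the usual wildcard pitfall: "*.example.com" does not cover the apex "example.com", so a partner calling the bare domain falls through to the default deny. The fourth shows that a source with no region mapping never matches a region rule.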

Intrusion Prevention

  • Protection Mode: Inspects Internet traffic for intrusions and blocks the traffic it identifies as an attack.
  • Basic Protection: Threat detection and vulnerability scanning based on the built-in IPS rule library.
    • Checks traffic for phishing, Trojans, worms, hacker tools, spyware, password attacks, vulnerability exploits, SQL injection attacks, XSS attacks, and other web attacks.
    • Checks traffic for protocol anomalies, buffer overflows, access control violations, suspicious DNS activity, and other suspicious behavior.
    NOTE:
    • In the basic protection (IPS) rule library, you can manually change the protection action of a rule.
    • You can query the basic protection (IPS) rule library by rule ID, signature name, risk level, update time, CVE ID, attack type, rule group, and current action.
  • Virtual Patching: Network-layer IPS hot patches intercept high-risk remote attacks in real time, so services are not interrupted while the underlying vulnerability is being fixed.

    New IPS rules appear in the virtual patch rule library first and are added to the IPS rule library afterwards.

  • Custom IPS signature: You can define your own IPS signature rules; CFW matches traffic against them to detect threats.
    NOTE:

    User-defined IPS signatures can be configured for the HTTP, TCP, UDP, POP3, SMTP, and FTP protocols.

  • Sensitive Directory Scan Defense: Defends against scanning of sensitive directories on your servers.
  • Reverse Shell Defense: Defends against reverse shell connections.

Antivirus

The antivirus function uses virus signature detection to identify and handle malicious files, preventing the data damage, permission changes, and system crashes they cause.

Antivirus inspects files transferred over HTTP, SMTP, POP3, FTP, IMAP4, and SMB.

Traffic Analysis

The following traffic statistics are displayed:

  • Inbound Traffic: traffic from the Internet to ECSs
  • Outbound Traffic: traffic from cloud servers that initiate connections to the Internet
  • Inter-VPC access: inbound and outbound traffic between VPCs

Log Audit

The following log types are available:

  • Attack event logs, which record details of detected intrusions
  • Access control logs, which record which access was allowed and which was blocked, and by which rule
  • Traffic logs, which record the access traffic of specific services

You can use Log Tank Service (LTS) on Huawei Cloud to retain all CFW logs, including attack event, access control, and traffic logs.
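The Traffic Analysis and Log Audit items above describe categories (inbound, outbound, inter-VPC) and verdict logs without showing how a record is assigned to a category. The following added example (not CFW code and not CFW's log schema) classifies constructed traffic-log records by direction using the tenant's VPC CIDRs and summarizes bytes per direction and access-control verdicts per rule, the kind of reduction you would run over logs exported to LTS. The record field names, the VPC CIDRs, and the sample records are all constructed assumptions.

```python
# Added example: direction classification and log summaries over
# constructed records. Field names (src_ip, dst_ip, bytes, action, rule)
# and VPC CIDRs are assumptions, not CFW's log format.
import ipaddress
from collections import Counter, defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed tenant VPC CIDRs (assumption).
VPC_CIDRS = {
    "vpc-a": ipaddress.ip_network("10.0.0.0/16"),
    "vpc-b": ipaddress.ip_network("10.1.0.0/16"),
}


def vpc_of(ip: str) -> Optional[str]:
    """Return the VPC containing the address, or None for non-tenant space."""
    addr = ipaddress.ip_address(ip)
    for name, net in VPC_CIDRS.items():
        if addr in net:
            return name
    return None


def direction(src_ip: str, dst_ip: str) -> str:
    """Map a flow to inbound / outbound / inter-vpc as the page defines them.

    Flows inside a single VPC never cross a border and are labelled
    intra-vpc; flows with neither end in tenant space are unknown.
    """
    src_vpc, dst_vpc = vpc_of(src_ip), vpc_of(dst_ip)
    if src_vpc and dst_vpc:
        return "inter-vpc" if src_vpc != dst_vpc else "intra-vpc"
    if dst_vpc:
        return "inbound"    # Internet -> ECS
    if src_vpc:
        return "outbound"   # ECS -> Internet
    return "unknown"


# Constructed sample records (assumption).
TRAFFIC_LOGS = [
    {"src_ip": "198.51.100.9", "dst_ip": "10.0.1.5", "bytes": 1200},
    {"src_ip": "10.0.1.5", "dst_ip": "203.0.113.44", "bytes": 800},
    {"src_ip": "10.0.2.7", "dst_ip": "10.1.3.9", "bytes": 500},
    {"src_ip": "10.1.3.9", "dst_ip": "10.0.2.7", "bytes": 300},
]
ACCESS_LOGS = [
    {"src_ip": "203.0.113.7", "action": "deny", "rule": "block-scanner"},
    {"src_ip": "198.51.100.9", "action": "allow", "rule": "allow-partner-api"},
    {"src_ip": "203.0.113.8", "action": "deny", "rule": "block-scanner"},
]


def bytes_by_direction(records: List[Dict]) -> Dict[str, int]:
    """Total bytes per direction, the figures a traffic dashboard shows."""
    totals: Dict[str, int] = defaultdict(int)
    for r in records:
        totals[direction(r["src_ip"], r["dst_ip"])] += r["bytes"]
    return dict(totals)


def verdicts_by_rule(records: List[Dict]) -> Counter:
    """Count (rule, action) pairs; surfaces rules that fire unexpectedly."""
    return Counter((r["rule"], r["action"]) for r in records)


def top_denied_sources(records: List[Dict], n: int = 3) -> List[Tuple[str, int]]:
    """Most frequently blocked source addresses, for triage."""
    return Counter(r["src_ip"] for r in records if r["action"] == "deny").most_common(n)


if __name__ == "__main__":
    print(bytes_by_direction(TRAFFIC_LOGS))
    print(verdicts_by_rule(ACCESS_LOGS))
    print(top_denied_sources(ACCESS_LOGS))
```

Keeping the VPC CIDR table accurate is what makes the classification trustworthy: a peered or newly created VPC missing from it turns inter-VPC flows into phantom inbound or outbound traffic.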

System Management

  • Alarm notification: Configure notifications for attack logs and for traffic exceeding a threshold. Once enabled, IPS attack events and traffic threshold-crossing warnings are sent by email or SMS.
  • Network packet capture: Capture packets to help locate network faults and investigate attacks.

Table 2 Engine

Engine: Firewall engine

Function: A load balancing component distributes user traffic to the tenant's firewall engine for inspection and protection, then forwards it to the target ECS. The engine provides a range of detection functions and flexible blocking policies.

Protocol: TCP, UDP, ICMP, and Any

Scenario: Protection at the Internet border and VPC borders