Updated on 2023-04-13 GMT+08:00



  • The CFW ALG tag function is restricted.
  • By default, the network-layer defense against DDoS attacks and IP spoofing is disabled on CFW.
  • Domain name protection depends on the DNS server you configure. The IP address of a default server may be incorrectly resolved. You are advised to use a custom server.
  • To use CFW persistent connections, enable a bidirectional out-of-path policy. If you only enable a unidirectional policy, the client will need to re-initiate connections in certain scenarios, such as enabling or disabling protection, and expanding engine capacities. You are advised to submit a service ticket for risks assessment.

External Intrusion Prevention

You can use CFW to perform security stocktaking on service assets accessible to the public network and enable intrusion detection and prevention in one click.

Control Over Server Originated Traffic

Implement domain-based precise control over server originated traffic.