Compute
Elastic Cloud Server
Huawei Cloud Flexus
Bare Metal Server
Auto Scaling
Image Management Service
Dedicated Host
FunctionGraph
Cloud Phone Host
Huawei Cloud EulerOS
Networking
Virtual Private Cloud
Elastic IP
Elastic Load Balance
NAT Gateway
Direct Connect
Virtual Private Network
VPC Endpoint
Cloud Connect
Enterprise Router
Enterprise Switch
Global Accelerator
Management & Governance
Cloud Eye
Identity and Access Management
Cloud Trace Service
Resource Formation Service
Tag Management Service
Log Tank Service
Config
OneAccess
Resource Access Manager
Simple Message Notification
Application Performance Management
Application Operations Management
Organizations
Optimization Advisor
IAM Identity Center
Cloud Operations Center
Resource Governance Center
Migration
Server Migration Service
Object Storage Migration Service
Cloud Data Migration
Migration Center
Cloud Ecosystem
KooGallery
Partner Center
User Support
My Account
Billing Center
Cost Center
Resource Center
Enterprise Management
Service Tickets
HUAWEI CLOUD (International) FAQs
ICP Filing
Support Plans
My Credentials
Customer Operation Capabilities
Partner Support Plans
Professional Services
Analytics
MapReduce Service
Data Lake Insight
CloudTable Service
Cloud Search Service
Data Lake Visualization
Data Ingestion Service
GaussDB(DWS)
DataArts Studio
Data Lake Factory
DataArts Lake Formation
IoT
IoT Device Access
Others
Product Pricing Details
System Permissions
Console Quick Start
Common FAQs
Instructions for Associating with a HUAWEI CLOUD Partner
Message Center
Security & Compliance
Security Technologies and Applications
Web Application Firewall
Host Security Service
Cloud Firewall
SecMaster
Anti-DDoS Service
Data Encryption Workshop
Database Security Service
Cloud Bastion Host
Data Security Center
Cloud Certificate Manager
Edge Security
Situation Awareness
Managed Threat Detection
Blockchain
Blockchain Service
Web3 Node Engine Service
Media Services
Media Processing Center
Video On Demand
Live
SparkRTC
MetaStudio
Storage
Object Storage Service
Elastic Volume Service
Cloud Backup and Recovery
Storage Disaster Recovery Service
Scalable File Service Turbo
Scalable File Service
Volume Backup Service
Cloud Server Backup Service
Data Express Service
Dedicated Distributed Storage Service
Containers
Cloud Container Engine
SoftWare Repository for Container
Application Service Mesh
Ubiquitous Cloud Native Service
Cloud Container Instance
Databases
Relational Database Service
Document Database Service
Data Admin Service
Data Replication Service
GeminiDB
GaussDB
Distributed Database Middleware
Database and Application Migration UGO
TaurusDB
Middleware
Distributed Cache Service
API Gateway
Distributed Message Service for Kafka
Distributed Message Service for RabbitMQ
Distributed Message Service for RocketMQ
Cloud Service Engine
Multi-Site High Availability Service
EventGrid
Dedicated Cloud
Dedicated Computing Cluster
Business Applications
Workspace
ROMA Connect
Message & SMS
Domain Name Service
Edge Data Center Management
Meeting
AI
Face Recognition Service
Graph Engine Service
Content Moderation
Image Recognition
Optical Character Recognition
ModelArts
ImageSearch
Conversational Bot Service
Speech Interaction Service
Huawei HiLens
Video Intelligent Analysis Service
Developer Tools
SDK Developer Guide
API Request Signing Guide
Terraform
Koo Command Line Interface
Content Delivery & Edge Computing
Content Delivery Network
Intelligent EdgeFabric
CloudPond
Intelligent EdgeCloud
Solutions
SAP Cloud
High Performance Computing
Developer Services
ServiceStage
CodeArts
CodeArts PerfTest
CodeArts Req
CodeArts Pipeline
CodeArts Build
CodeArts Deploy
CodeArts Artifact
CodeArts TestPlan
CodeArts Check
CodeArts Repo
Cloud Application Engine
MacroVerse aPaaS
KooMessage
KooPhone
KooDrive

Related Services

Updated on 2024-12-31 GMT+08:00

IAM

Identity and Access Management (IAM) provides the permission management function for CFW. Only users who have Tenant Administrator permissions can perform operations such as authorizing, managing, and detect cloud assets using CFW. To obtain the permissions, contact the users who have the Security Administrator permissions.

EIP

Elastic IP (EIP) provides independent public IP addresses and bandwidth for Internet access.

CFW protects Internet border traffic by protecting EIPs.

VPC

Virtual Private Cloud (VPC) enables you to provision an isolated, private virtual network for cloud resources, such as cloud servers, containers, and databases.

CFW can protect traffic at VPC borders, such as between VPCs, or between a VPC on the cloud and an on-premises data center.

NAT Gateway

NAT Gateway provides public and private NAT gateways. A public NAT gateway provides SNAT and DNAT to let cloud servers in a VPC use an EIP to communicate with the Internet.

CFW protects the NAT gateway traffic by protecting the VPC where the NAT gateway resides.

Enterprise Router

Enterprise Router provides inter-VPC traffic diversion for CFW. If you purchase the professional edition to protect inter-VPC traffic or Direct Connect traffic, you need to use Enterprise Router to divert traffic.

CTS

Cloud Trace Service (CTS) generates traces to enable you to get a history of operations performed on CFW, allowing you to query, audit, and backtrack resource operation requests initiated from the management console as well as the responses to those requests.

CTS records operations related to CFW, facilitating your further queries, audits, and retrievals.

Cloud Eye

Cloud Eye provides a comprehensive monitoring platform for resources such as the ECS and bandwidth. Cloud Eye monitors the metrics of CFW, so that you can understand the protection status of the service in a timely manner, and set protection policies accordingly.

LTS

Log Tank Service (LTS) collects log data from servers and cloud services. CFW can record attack event logs, access control logs, and traffic logs to LTS, enabling real-time, efficient, and secure log processing.

SMN

Simple Message Notification (SMN) provides the message notification function. After you enable notification on CFW, you will receive alarms based on the notification mode you configured if your resources are attacked or the protection traffic exceeds your quota.

Enterprise Management

You can manage multiple projects in an enterprise, separately settle their costs, and assign them to different personnel. A project can be started or stopped independently without affecting others. With Enterprise Management, you can easily manage your projects after creating an enterprise project for each of them.

CFW can be interconnected with Enterprise Management. You can manage CFW resources by enterprise project and grant different permissions to users.

Differences from WAF

CFW and WAF are two different Huawei Cloud products that can be used to protect your Internet borders, VPC borders, and web services.

The following table describes the differences between CFW and WAF.

Table 1 Differences between CFW and WAF

Item

CFW

WAF

Definition

Cloud Firewall (CFW) is a next-generation cloud-native firewall. It protects the Internet border and VPC border on the cloud by real-time intrusion detection and prevention, global unified access control, full traffic analysis, log audit, and tracing. It employs AI for intelligent defense, and can be elastically scaled to meet changing business needs, helping you easily handle security threats. CFW is a basic service that provides network security protection for user services on the cloud.

WAF keeps web services stable and secure. It examines all HTTP and HTTPS requests to detect and block the following attacks: Structured Query Language (SQL) injection, cross-site scripting (XSS), web shells, command and code injections, file inclusion, sensitive file access, third-party vulnerability exploits, Challenge Collapsar (CC) attacks, malicious crawlers, and cross-site request forgery (CSRF).

For details about WAF, see What Is Web Application Firewall?

Protection

  • EIP border and VPC border
  • Basic protection against web attacks
  • Defense against external intrusions and protection of proactive connections to external systems
  • WAF protects web applications on Huawei Cloud and other clouds and on-premises applications through domain names or IP addresses.
  • Comprehensive protection against web attacks

Features

  • Asset management and intrusion defense: It detects and defends against intrusions into cloud assets that are accessible over the Internet in real time.
  • Access control: You can control access at Internet borders.
  • Traffic Analysis and log audit: CFW controls, analyzes, and visualizes VPC traffic, audits logs, and traces traffic sources.

WAF identifies and blocks a wide range of suspicious attacks, such as SQL injections, XSS attacks, web shell upload, command or code injections, file inclusion, unauthorized sensitive file access, third-party vulnerability exploits, CC attacks, malicious crawlers, and CSRF.

We use cookies to improve our site and your experience. By continuing to browse our site you accept our cookie policy. Find out more

Feedback

Feedback

Feedback

0/500

Selected Content

Submit selected content with the feedback