Updated on 2024-12-18 GMT+08:00

Enabling the VPC Border Firewall and Ensuring the Traffic Passes Through CFW

A new firewall is disabled by default. Traffic passes through the enterprise router without being forwarded to the new firewall. You can enable a VPC border firewall as needed.

Enabling a VPC Border Firewall

  1. Log in to the management console.
  2. Click the icon in the upper left corner of the management console and select a region or project.
  3. In the navigation pane on the left, click the icon and choose Security & Compliance > Cloud Firewall. The Dashboard page will be displayed.
  4. (Optional) Switch firewall instance: Select a firewall from the drop-down list in the upper left corner of the page.
  5. In the navigation pane, choose Assets > Inter-VPC Border Firewalls.
  6. Click Enable Protection to the right of Firewall Status.
  7. Click OK.

Verifying That Traffic Passes Through CFW

  1. Generate traffic. For details, see Verifying Network Connectivity.
  2. View logs. In the navigation pane, choose Log Audit > Log Query. Click the Traffic Logs tab and click VPC Border Firewall.

Follow-up Operations

  • For details about how to add a protected VPC, see Adding a Protected VPC.
  • After protection is enabled, all traffic is allowed by default. CFW will block traffic based on the policies you configure.
    • To implement traffic control, configure a protection policy. For details, see Adding an Internet Boundary Protection Rule or Adding Blacklist or Whitelist Items to Block or Allow Traffic.
      • Allow or block traffic based on protection rules.
        • Traffic allowing rule: The allowed traffic will be checked by functions such as intrusion prevention system (IPS) and antivirus.
        • Traffic blocking rule: Traffic will be directly blocked.
      • Allow or block traffic based on the blacklist and whitelist:
        • Whitelist: Traffic will be directly allowed without being checked by other functions.
        • Blacklist: Traffic will be directly blocked.
    • For details about how to block network attacks, see Blocking Network Attacks.