Creating a VPC Border Firewall
A VPC border firewall can collect statistics on communication traffic between VPCs, helping you detect abnormal traffic. This section describes how to create a VPC border firewall.
Prerequisites
- You have an enterprise router.
- To create a VPC border firewall, you need to configure an inspection VPC for traffic diversion. The inspection VPC consumes a VPC protection quota. The current account must have a VPC that does not transmit traffic and has no subnets associated, and it must be possible to create at least 2 route tables for the VPCs under the account.
Procedure
- Log in to the management console.
- Click in the upper left corner of the management console and select a region or project.
- In the navigation pane on the left, click and choose . The Dashboard page will be displayed.
- (Optional) Switch firewall instance: Select a firewall from the drop-down list in the upper left corner of the page.
- In the navigation pane, choose Assets > Inter-VPC Border Firewalls.
- Click Create Firewall. Configure the enterprise router, and then configure the subnets associated with the enterprise router and with the cloud firewall, respectively.
Figure 1 Creating a VPC border firewall (old version)
Table 1 Parameters for a VPC border firewall

| Parameter | Description | Example Value |
|---|---|---|
| Enterprise Router | Select an enterprise router. For details, see Viewing Enterprise Routers. | cfw-er |
| Inspection VPC | Select a VPC. The inspection VPC cannot use the network segments already specified in other VPCs associated with the enterprise router. | vpc-cfw-er |
| IPv4 Segment | After you select a VPC, the IPv4 address is automatically displayed. | xx.xx.0.0/16 |
| AZ | Select an AZ. | AZ1 |
| Subnet (Subnet Associated with Enterprise Router) | Subnet name. | cfw-er-1 |
| Subnet (Subnet Associated to Cloud Firewall-1) | Subnet name. | cfw-er-2 |
| Subnet (Subnet Associated to Cloud Firewall-2) | Subnet name. | cfw-er-3 |
| IPv4 CIDR Block (Subnet Associated with Enterprise Router) | IPv4 CIDR block. NOTE: Ensure the value does not conflict with existing subnets. Ensure the three subnet segments do not conflict with each other. | xx.xx.1.0/24 |
| IPv4 CIDR Block (Subnet 1 Associated with a Cloud Firewall-1) | Same as above. | xx.xx.2.0/24 |
| IPv4 CIDR Block (Subnet Associated to Cloud Firewall-2) | Same as above. | xx.xx.3.0/24 |
- Click OK. The firewall will be created in 3 to 5 minutes.
During the creation, you can only check the Dashboard page. The firewall status will change to Upgrading.
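Added example (not part of the original documentation): a Python pre-flight check for the addressing constraints in Table 1, run before you click OK. The function name check_plan, the VPC names vpc-app and vpc-db, and all 10.x CIDRs are constructed for illustration; the rule that a subnet lies inside its VPC is a general VPC assumption, not stated on this page.

```python
import ipaddress


def _net(label, cidr, problems):
    """Parse an IPv4 CIDR; record a problem and return None if it is malformed."""
    try:
        return ipaddress.IPv4Network(cidr, strict=True)
    except ValueError as exc:
        problems.append(f"{label}: invalid CIDR {cidr!r} ({exc})")
        return None


def check_plan(inspection_vpc, new_subnets, attached_vpcs, existing_subnets=()):
    """Return a list of problems; an empty list means the plan passes."""
    problems = []
    vpc = _net("inspection VPC", inspection_vpc, problems)
    if vpc is None:
        return problems
    # Table 1: the inspection VPC cannot use segments of VPCs on the enterprise router.
    for name, cidr in attached_vpcs.items():
        other = _net(name, cidr, problems)
        if other is not None and vpc.overlaps(other):
            problems.append(f"inspection VPC {vpc} overlaps attached VPC {name} ({other})")
    parsed = (_net("existing subnet", c, problems) for c in existing_subnets)
    taken = [("existing subnet", n) for n in parsed if n is not None]
    if len(new_subnets) != 3:
        problems.append(f"expected 3 new subnets, got {len(new_subnets)}")
    for name, cidr in new_subnets.items():
        net = _net(name, cidr, problems)
        if net is None:
            continue
        # General VPC rule (assumption, not stated on the page): a subnet lies inside its VPC.
        if not net.subnet_of(vpc):
            problems.append(f"{name} ({net}) is outside the inspection VPC {vpc}")
        # Table 1 NOTE: no conflict with existing subnets or with each other.
        for other_name, other in taken:
            if net.overlaps(other):
                problems.append(f"{name} ({net}) conflicts with {other_name} ({other})")
        taken.append((name, net))
    return problems


if __name__ == "__main__":
    # Constructed sample plan; all names and CIDRs are illustrative.
    plan = {"cfw-er-1": "10.50.1.0/24", "cfw-er-2": "10.50.2.0/24", "cfw-er-3": "10.50.3.0/24"}
    attached = {"vpc-app": "10.10.0.0/16", "vpc-db": "10.20.0.0/16"}
    for issue in check_plan("10.50.0.0/16", plan, attached) or ["plan passes"]:
        print(issue)
```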