Updated on 2024-10-30 GMT+08:00

Overview

Cloud Firewall (CFW) provides traffic protection for cloud services at the Internet border, VPC border, and NAT gateway.

This section describes the configuration processes in different scenarios.

Internet Border Traffic Protection

Each step lists the procedure, its description, and the reference topic to follow.

1. Purchasing CFW
   Description: Purchase a CFW instance in the region where you want to protect traffic.
   Reference: Purchasing CFW

2. Enabling EIP protection
   Description: Enable protection for one or more EIPs. CFW protects Internet border traffic by protecting EIPs.
   Reference: Enabling EIP Protection

3. Configuring protection policies
   Description: By default, CFW allows all traffic. You need to configure protection policies to protect traffic.
   The following protection policies are provided:
     • Protection rules: You can set rules to control traffic by IP address, IP address group, region, or domain name.
     • Blacklist/Whitelist: Traffic is controlled based on specific rules configured for IP addresses and IP address groups. Traffic that matches a whitelist item is allowed immediately and is not checked by any other function.
     • Intrusion prevention: Network attacks are blocked based on multiple IPS rule databases.
     • Antivirus: Virus-infected files are blocked based on the protocol type.
   Reference:
     • Protection rules: Adding Protection Rules to Block or Allow Traffic
     • Blacklist/Whitelist: Adding Blacklist or Whitelist Items to Block or Allow Traffic
     • Intrusion prevention: Blocking Network Attacks
     • Antivirus: Blocking Virus-infected Files

4. Checking logs
   Description: View the traffic protection outcomes in logs.
   Reference: Viewing Logs

Example scenarios:

VPC Border Traffic Protection

Each step lists the procedure, its description, and the reference topic to follow.

1. Purchasing CFW
   Description: Purchase a CFW instance in the region where you want to protect traffic.
   Reference: Purchasing CFW

2. Enabling VPC protection
   Description: Enable protection for two or more VPCs. CFW protects VPC border traffic by protecting the VPCs.
   Reference: Enabling VPC Border Traffic Protection

3. Configuring protection policies
   Description: By default, CFW allows all traffic. You need to configure protection policies to protect traffic.
   The following protection policies are provided:
     • Protection rules: You can set rules to control traffic by IP address, IP address group, region, or domain name.
     • Blacklist/Whitelist: Traffic is controlled based on specific rules configured for IP addresses and IP address groups. Traffic that matches a whitelist item is allowed immediately and is not checked by any other function.
     • Intrusion prevention: Network attacks are blocked based on multiple IPS rule databases.
     • Antivirus: Virus-infected files are blocked based on the protocol type.
   Reference:
     • Protection rules: Adding Protection Rules to Block or Allow Traffic
     • Blacklist/Whitelist: Adding Blacklist or Whitelist Items to Block or Allow Traffic
     • Intrusion prevention: Blocking Network Attacks
     • Antivirus: Blocking Virus-infected Files

4. Checking logs
   Description: View the traffic protection outcomes in logs.
   Reference: Viewing Logs

Example scenarios:

Configure CFW protection rules to control inter-VPC traffic. For details, see Configuring a Protection Rule to Protect Traffic Between Two VPCs.

NAT Gateway Traffic Protection

Each step lists the procedure, its description, and the reference topic to follow.

1. Purchasing CFW
   Description: Purchase a CFW instance in the region where you want to protect traffic.
   Reference: Purchasing CFW

2. Enabling VPC (NAT) protection
   Description: Enable protection for two or more VPCs. CFW protects the traffic of the NAT gateway by protecting the VPC where the NAT gateway resides.
   Reference: Enabling NAT Gateway Traffic Protection

3. Configuring protection policies
   Description: By default, CFW allows all traffic. You need to configure protection policies to protect traffic.
   The following protection policies are provided:
     • Protection rules: You can set rules to control traffic by IP address, IP address group, region, or domain name.
     • Blacklist/Whitelist: Traffic is controlled based on specific rules configured for IP addresses and IP address groups. Traffic that matches a whitelist item is allowed immediately and is not checked by any other function.
     • Intrusion prevention: Network attacks are blocked based on multiple IPS rule databases.
     • Antivirus: Virus-infected files are blocked based on the protocol type.
   Reference:
     • Protection rules: Adding Protection Rules to Block or Allow Traffic
     • Blacklist/Whitelist: Adding Blacklist or Whitelist Items to Block or Allow Traffic
     • Intrusion prevention: Blocking Network Attacks
     • Antivirus: Blocking Virus-infected Files

4. Checking logs
   Description: View the traffic protection outcomes in logs.
   Reference: Viewing Logs

Example scenarios:

Configure CFW protection rules to control NAT gateway traffic. For details, see Configuring a Protection Rule to Protect SNAT Traffic.
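The protection policy lists in the three scenarios above share two behaviours worth checking before you roll out a policy set: CFW allows all traffic by default, and a whitelist match is allowed without any other function inspecting it (so a whitelisted source is not seen by intrusion prevention). The following added example (not CFW's own code or API) models that evaluation on constructed flows so you can see which policy decides each one; the ordering of blacklist, protection rules and IPS after the whitelist, and all addresses and rule names, are assumptions for illustration.

```python
from ipaddress import ip_address, ip_network

ALLOW, BLOCK = "allow", "block"

def matches(ip, entries):
    """True if ip falls inside any IP/CIDR entry of the list."""
    addr = ip_address(ip)
    return any(addr in ip_network(e, strict=False) for e in entries)

def evaluate(flow, policy):
    """Return (decision, reason) for one flow under a CFW-style policy set.

    Order modelled here (assumed, except where the page states it):
      1. whitelist  - page: matched traffic is allowed, nothing else checks it
      2. blacklist  - blocked
      3. protection rules, first match wins
      4. intrusion prevention verdict on the flow
      5. default    - page: CFW allows all traffic by default
    """
    src = flow["src"]
    if matches(src, policy.get("whitelist", [])):
        return ALLOW, "whitelist (other functions skipped)"
    if matches(src, policy.get("blacklist", [])):
        return BLOCK, "blacklist"
    for rule in policy.get("rules", []):
        if matches(src, rule["src"]) and flow["dport"] in rule["dports"]:
            return rule["action"], "rule:" + rule["name"]
    if flow.get("ips_signature"):   # simulated IPS hit on this flow
        return BLOCK, "intrusion prevention:" + flow["ips_signature"]
    return ALLOW, "default"

# Constructed policy and flows (hypothetical, not taken from the page).
POLICY = {
    "whitelist": ["203.0.113.10/32"],
    "blacklist": ["198.51.100.0/24"],
    "rules": [
        {"name": "allow-https", "src": ["0.0.0.0/0"], "dports": {443}, "action": ALLOW},
        {"name": "deny-rdp", "src": ["0.0.0.0/0"], "dports": {3389}, "action": BLOCK},
    ],
}
FLOWS = [
    {"src": "203.0.113.10", "dport": 3389, "ips_signature": "example-sig"},  # whitelisted
    {"src": "198.51.100.7", "dport": 443},                                    # blacklisted
    {"src": "192.0.2.5", "dport": 3389},                                      # rule match
    {"src": "192.0.2.5", "dport": 22, "ips_signature": "example-sig"},        # IPS only
    {"src": "192.0.2.5", "dport": 22},                                        # default
]

def audit(flows=FLOWS, policy=POLICY):
    """Evaluate every flow; the first result shows a whitelisted source bypassing IPS."""
    return [evaluate(f, policy) for f in flows]
```

Run `audit()` to list the deciding policy per flow; the first flow is allowed despite a signature hit, which is why whitelist entries should stay narrow.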