Overview

Functions and Scenarios

CFW provides access control policies (protection rules, blacklist, and whitelist) and attack defense (intrusion prevention and antivirus) functions to protect Internet borders, VPC borders, and NAT gateways. Scenarios need to be differentiated only when protection rules are configured, as shown in Figure 1.

Figure 1 Functions and scenarios

Figure 2 shows the CFW usage process. The following configuration guides are provided:

• Internet border protection: Use CFW to configure protection rules to allow the inbound traffic to a specified EIP. For details, see Configuring a Protection Rule to Allow the Inbound Traffic to a Specified EIP.
• VPC border protection: Use CFW to configure protection rules to protect the traffic between two VPCs. For details, see Configuring a Protection Rule to Protect Traffic Between Two VPCs.
• NAT gateway protection: For details about how to use CFW to configure protection rules to protect SNAT traffic, see Configuring a Protection Rule to Protect SNAT Traffic.
• Intrusion prevention: For details about how to use CFW to block network attacks at the Internet border, see Configuring Intrusion Prevention to Protect EIPs.

Figure 2 Usage process

References

• For details about how to configure protection rules to control traffic, see Adding Protection Rules to Block or Allow Traffic.
• For details about how to configure a blacklist or whitelist to control traffic, see Adding Blacklist or Whitelist Items to Block or Allow Traffic.
• For details on how to configure intrusion prevention to block network attacks, see Adjusting the IPS Protection Mode to Block Network Attacks.
• For details about how to configure antivirus to block virus-infected files, see Enabling Antivirus to Block Virus-infected Files.