Help Center/ Web Application Firewall/ FAQs/ About WAF/ What Are the Differences Between WAF and CFW?

Updated on 2024-10-25 GMT+08:00

View PDF

What Are the Differences Between WAF and CFW?

Web Application Firewall (WAF) and Cloud Firewall (CFW) are different products we provided. WAF is used to protect your web services, while CFW is used to protect Internet border and VPC border traffic.

Table 1 lists differences between WAF and CFW.

**Table 1** Differences between WAF and CFW
Category	WAF	CFW
Definition	Web Application Firewall (WAF) keeps web services stable and secure. It examines all HTTP and HTTPS requests to detect and block the following attacks: Structured Query Language (SQL) injection, cross-site scripting (XSS), web shells, command and code injections, file inclusion, sensitive file access, third-party vulnerability exploits, Challenge Collapsar (CC) attacks, malicious crawlers, and cross-site request forgery (CSRF).	Cloud Firewall (CFW) is a next-generation cloud-native firewall. It protects the Internet border and VPC border on the cloud by real-time intrusion detection and prevention, global unified access control, full traffic analysis, log audit, and tracing. It employs AI for intelligent defense, and can be elastically scaled to meet changing business needs, helping you easily handle security threats. CFW is a basic service that provides network security protection for user services on the cloud.
Protection mechanism	WAF works as a reverse proxy between the client and the origin server. All website access requests are forwarded to WAF first. WAF detects and filters out malicious attack traffic, and returns normal traffic to the origin server to ensure that the origin server is secure, stable, and available.	CFW can implement refined control over all traffic, including Internet border protection, cross-VPC and NAT traffic, to prevent intrusions, penetration attacks, and unauthorized connections to the outside.
Deployment mode	WAF can be deployed in cloud mode, ELB mode, and dedicated mode. Cloud Mode - CNAME access: a good choice no matter where your web services are deployed, on Huawei Cloud, any other cloud, even in on-premises data centers, as long as they have domain names. The application scenarios for different editions are as follows: Standard edition This edition is suitable for small- and medium-sized websites that do not have special security requirements. Professional edition This edition is suitable for medium-sized enterprise websites or services that are open to the Internet, focus on data security, and have high security requirements. Platinum edition This edition is suitable for large- and medium-sized enterprise websites that have large-scale services or have special security requirements. Cloud - Load balancer access mode: protects websites as long as their service servers are deployed on Huawei Cloud and they have domain names or IP addresses. This mode suitable for large enterprise websites having high security requirements on service stability. Dedicated: a good choice if your service servers are deployed on Huawei Cloud as long as they have domain names or IP addresses. Dedicated WAF instances are suitable large enterprise websites that have a large service scale and have customized security requirements.	Protection for Internet border and VPC border
Protection objects	Cloud mode - CNAME access: Domain names Dedicated mode and cloud load balancer access mode: domain names or IP addresses	Elastic IP Address (EIP)
Functions	WAF identifies and blocks a wide range of suspicious attacks, such as Structure Query Language (SQL) injections, cross-site scripting (XSS) attacks, web shell upload, command or code injections, file inclusion, unauthorized sensitive file access, third-party vulnerability exploits, Challenge Collapsar (CC) attacks, malicious crawlers, and cross-site request forgery (CSRF).	Asset management and intrusion defense: CFW detects and defends against intrusions into cloud assets that are accessible over the Internet in real time. Access control: You can control access at Internet borders. Traffic Analysis and log audit: CFW controls, analyzes, and visualizes VPC traffic, audits logs, and traces traffic sources.

Parent topic: About WAF

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot