Application Scenarios

Unified Security Management of Cloud Resources

You can protect resources and check their traffic changes in a timely manner, securing cloud assets in diverse scenarios.

Internet border: The border between cloud assets and the Internet. It controls the inbound (from the Internet to the cloud) and outbound (from the cloud to the Internet) traffic.
VPC border: The border between a VPC and an on-premises integrated data center (IDC), or between two VPCs. It controls internal service access.

External Intrusion Prevention

New attacks continue to emerge, and cybersecurity incidents occur frequently. With CFW, you can tally assets accessible from the Internet, enable intrusion detection and prevention in one click, and intelligently block intrusions and viruses.

Control Over Server Originated Traffic

Unauthorized outbound access from intranet servers may cause sensitive data leakage. CFW enables multi-dimensional access control based on domain names. It can block unauthorized outbound access based on refined policies, enhancing your asset security.

Inter-VPC Access Control (Available in Professional Edition)

Unauthorized intranet access can expand the scope of lateral movement attacks. CFW supports inter-VPC traffic access control to visualize and protect internal service access.

Unified Multi-account Management

CFW provides unified protection for resources across accounts. This enhances network border security with higher O&M efficiency.

For EIPs, CFW works with Organizations to set up organization administrators and delegated administrators to centrally manage EIPs across accounts. For details, see Using CFW to Protect EIPs Across Accounts.
Figure 1 Cross-account EIP protection
For VPCs, CFW works with Enterprise Router to associate with and protect the VPCs across accounts in a unified manner. For details, see Using CFW to Protect VPCs Across Accounts.
Figure 2 Cross-account VPC protection