Help Center/ Cloud Firewall/ Best Practices/ CFW Security Best Practices
Updated on 2025-03-22 GMT+08:00

CFW Security Best Practices

Security is a responsibility shared between you and Huawei Cloud. Huawei Cloud ensures the security of cloud services for a secure cloud. As a tenant, you should utilize the security capabilities provided by cloud services to protect data and use the cloud securely. For details, see Shared Responsibilities.

This section provides actionable guidance for enhancing CFW security. You can check CFW security status and improve its protection capabilities.

Strengthening Permissions Management to Reduce Related Risks

CFW permissions are preconfigured in the system. For details, see Permission Management. The permissions apply to all the CFW instances under an account. You can create custom policies to supplement the system-defined policies of CFW.

Periodically Checking Logs and Handling Exceptions in a Timely Manner

CFW generates three types of protection logs: attack event logs, access control logs, and traffic logs. By default, logs are stored in CFW for seven days. For details about how to view logs, see Log Query.

CFW can transfer logs to Log Tank Service (LTS). LTS can help with real-time decision making, device O&M management, and service trend analysis. For details, see Configuring Logs.