Enabling the VPC Border Firewall and Ensuring the Traffic Passes Through CFW
A new firewall is disabled by default. Traffic passes through the enterprise router without being forwarded to the new firewall. You can enable a VPC border firewall as needed.
Enabling a VPC Border Firewall
- Log in to the management console.
- Click in the upper left corner of the management console and select a region or project.
- In the navigation pane on the left, click and choose . The Dashboard page will be displayed.
- (Optional) Switch to another firewall instance. Select a firewall from the drop-down list in the upper left corner of the page.
- In the navigation pane, choose Assets > Inter-VPC Border Firewalls.
- Click Enable Protection to the right of Firewall Status.
- Click OK.
Verifying That Traffic Passes Through CFW
- Generate traffic. For details, see Verifying Network Connectivity.
- View logs. In the navigation pane, choose VPC Border Firewall.
. Click the tab and click
- If a log is generated, CFW is protecting the traffic between VPCs.
- If no logs are recorded, check the configurations of the enterprise router. For details, see Configuring the Enterprise Router to Direct Traffic to the Cloud Firewall.
References
For details about how to disable VPC border protection, see Disabling VPC Border Protection.
Follow-up Operations
- For details about how to add a protected VPC, see Adding a Protected VPC.
- For details about how to view the traffic trend and statistics of CFW, see Traffic Analysis. For details about traffic records, see Traffic Logs.
- After protection is enabled, all traffic is allowed by default. CFW will block traffic based on the policies you configure.
  - To implement traffic control, configure a protection policy. For details, see Configuring Protection Rules to Block or Allow VPC Border Traffic or Adding Blacklist or Whitelist Items to Block or Allow Traffic.
    - Allow or block traffic based on protection rules.
      - Traffic allowing rule: The allowed traffic will be checked by functions such as intrusion prevention system (IPS) and antivirus.
      - Traffic blocking rule: Traffic will be directly blocked.
    - Allow or block traffic based on the blacklist and whitelist:
      - Whitelist: Traffic will be directly allowed without being checked by other functions.
      - Blacklist: Traffic will be directly blocked.
  - For details about how to block network attacks, see Configuring Intrusion Prevention.
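The following added example (not part of the CFW documentation or product) models the treatment described above so that you can review which inter-VPC flows are allowed without inspection: whitelisted traffic and traffic that matches no policy. The policy layout, the field names, the rule that a list entry matches either endpoint, and first-match rule ordering are all assumptions made for illustration; the page does not state the precedence between the blacklist and the whitelist, so a flow that matches both is reported as a conflict.

```python
import ipaddress

# Constructed sample policy. Field names and layout are hypothetical,
# not a CFW export format.
WHITELIST = ["10.1.0.0/16"]
BLACKLIST = ["10.9.9.0/24"]
RULES = [
    {"src": "10.2.0.0/16", "dst": "10.3.0.0/16", "action": "allow"},
    {"src": "10.4.0.0/16", "dst": "10.3.0.0/16", "action": "block"},
]

def _within(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def _listed(src, dst, cidrs):
    # Assumption: a list entry matches when either endpoint falls inside it.
    return any(_within(src, c) or _within(dst, c) for c in cidrs)

def treatment(src, dst):
    """Classify one inter-VPC flow by how the policy would handle it."""
    white = _listed(src, dst, WHITELIST)
    black = _listed(src, dst, BLACKLIST)
    if white and black:
        return "conflict"            # precedence is not stated on this page
    if black:
        return "block"
    if white:
        return "allow-uninspected"   # whitelist skips IPS and antivirus
    for rule in RULES:               # assumption: first matching rule wins
        if _within(src, rule["src"]) and _within(dst, rule["dst"]):
            return "allow-inspected" if rule["action"] == "allow" else "block"
    return "default-allow"           # no policy matched: allowed by default

def audit(flows):
    """Return the flows that deserve review, with their treatment."""
    risky = {"allow-uninspected", "default-allow", "conflict"}
    return [(s, d, t) for s, d in flows if (t := treatment(s, d)) in risky]

# Constructed flows between protected VPCs.
FLOWS = [
    ("10.2.0.5", "10.3.0.8"),   # matches the allow rule
    ("10.4.0.5", "10.3.0.8"),   # matches the block rule
    ("10.1.0.5", "10.3.0.8"),   # whitelisted source
    ("10.9.9.7", "10.3.0.8"),   # blacklisted source
    ("10.5.0.5", "10.6.0.8"),   # no policy matches
    ("10.1.0.5", "10.9.9.7"),   # on both lists
]
```

Calling `audit(FLOWS)` returns only the whitelisted, unmatched, and conflicting flows, which are the ones to narrow or cover with an explicit rule.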