All Products
Search

This Product

    Cloud Firewall:AI Traffic

    Document Center

    Cloud Firewall:AI Traffic

    Last Updated:Apr 01, 2026

    The AI Traffic feature of Cloud Firewall monitors and analyzes outbound traffic from your assets to AI services. It presents this analysis from multiple perspectives—including visualizations, outbound services, and assets—to clarify how your assets access AI services.

    Prerequisites

    • The first time you use this feature, click Enable Now on the page to enable the service.

    • The internet firewall must be enabled.

    • The NAT firewall must be enabled for the relevant assets.

    Accessing the AI Traffic page

    Log on to the Cloud Firewall console. In the left-side navigation pane, choose Analysis > AI Traffic.

    Visualized traffic analysis

    The AI Traffic page offers data and visualizations, such as Data statistics and an asset node graph, to give you a comprehensive overview of how your assets access AI services.

    Data statistics

    1. At the top of the AI Traffic page, you can view AI traffic statistics for all protected assets from the last 7 days.

      image

      • Public traffic volume: Statistics are collected only for assets protected by the internet firewall.

      • Private traffic volume: Statistics are collected only for assets protected by the NAT firewall.

    2. The collapsible data statistics panel in the upper-left corner of the AI Traffic > Traffic Analytics tab summarizes traffic and related data for public IPs and private IPs based on the following three aspects of AI-related network behavior:

      • Top Outbound AI Services: The most frequently accessed outbound AI services.

      • Top Source IPs: The main source asset IPs that access AI services.

      • AI Attacks and Risks: Network attacks and potential risks involving AI:

        • Access Interception: The number of times the access control module blocked access to prohibited AI services.

        • Intrusion Events: The number of attacks detected by the intrusion prevention system (IPS) engine during access to AI services.

    Visualized analysis

    On the AI Traffic > Traffic Analytics tab, a network graph of asset and AI service nodes is displayed to help you visually analyze which assets access AI services.

    • Click an asset node or an AI service node to view a brief summary of the node's traffic. You can also click Details in the pop-up box to open the access monitoring list.

    • In the upper-right corner of the visualization window, you can use the domain name filter and visualization tools to filter domain names, change the node layout, zoom, fit to screen, or enter full-screen mode.

      image

    Outbound AI service analysis

    On the AI Traffic > Internet-facing AI Services tab, three sub-tabs—Outbound AI Services, Internet Source, and Private Source—let you examine traffic data and events related to your assets' outbound connections to AI services from different perspectives.

    Outbound AI services

    On the Internet-facing AI Services > Outbound AI Services tab, you can view a list of all outbound AI services accessed by your protected assets.

    The list groups AI websites based on the AI service domain names that your assets access. Use the attribute filters at the top of the list to filter data and quickly locate specific websites for analysis.

    image

    Actions

    Note

    • In the Actions column, you can click the image icon to view all action links.

    • Allowlist: Click Allowlist in the upper-right corner of the list to add domains that you do not need to monitor. You can also click Add to Allowlist in the Actions column. After you refresh the list, these domains no longer appear.

      This Allowlist is used for list filtering only and is different from the whitelist in access control.

    • Watchlist: Click Watchlist in the upper-right corner of the list to add domains that require special attention. After you refresh the list, the domains on the watchlist appear highlighted.

    • Configure ACL: Click the Configure ACL Policy-IPv4 and Configure ACL Policy-IPv6 links in the Actions column to go directly to the access control page for the website and quickly configure its ACL policy.

      Use the Add to Address Book link to quickly add the website to an address book so you can reference it when you create ACL policies.

      Note

      Under Address Books > Recommended Intelligent Address Book > Threat Intelligence Address Book, AI-related address books are available. You can directly reference these address books in access control policies and configure corresponding policies:

      • AI Server API: Contains trusted AI domain names. We recommend that you configure an Allow or Observe policy for this address book.

      • High-risk Large Model Domains: Contains high-risk domain names. We recommend that you configure a Deny policy for this address book.

    • View Logs: Click the View Logs-IPv4 and View Logs-IPv6 links in the Actions column to go directly to the Log Audit page. The website query information is carried over to help you quickly query the traffic logs for the asset.

    • View Intelligence Profile: Click the View Intelligence Profile link in the Actions column to view the threat intelligence profile for the corresponding website and quickly learn about the website's threat status, WHOIS, domain name resolution, and other related intelligence information.

    Public/private asset access sources

    On the Internet-facing AI Services tab, click Internet Source or Private Source to view a data overview of the corresponding public or private assets that access AI services. The operations are the same for both tabs, but the filter options differ.

    The list is organized by asset instance. Use the attribute filters at the top of the list to filter data and quickly locate a specific asset for analysis.

    image

    Actions

    Note

    • In the Actions column, you can click the image icon to view all action links.

    • Watchlist: Click Watchlist in the upper-right corner of the list to add assets that require special attention. After the list is refreshed, the assets on the watchlist are highlighted.

    • View Logs: Click the View Logs link in the Actions column to quickly go to the Log Audit page. The asset information is passed to the page, which allows you to easily query the traffic logs for the asset.

    • Details: Click the Details link in the Actions column to view a statistical overview of the asset's outbound connections to AI services.

      In addition, you can use the links in the Suggestions column to quickly perform operations for the domains that the asset accesses, such as Add to Whitelist (this Allowlist is used for list filtering only and is different from the whitelist in access control), Add to Watchlist, Add to Address Book, and View Logs.

      image

    Data export

    You can export data from any list on the tabs under Internet-facing AI Services for offline analysis.

    Click the image icon in the upper-right corner of a list to export its data.