This topic describes the release notes for Cloud Firewall and provides links to the relevant references.

2021

Release date Category Feature Description Involved edition References
2021-07-30 Experience optimization The feature of centralized account management can be used to add multiple Alibaba Cloud accounts as member accounts. By default, centralized account management can be used to add one Alibaba Cloud account as a member account. You can set Managed Alibaba Cloud Member Accounts to a larger value to add more than one Alibaba Cloud account. This allows you to manage the resources of the accounts in a centralized manner. Ultimate Edition Use centralized account management
2021-07-22 New feature The log storage duration can be customized. You can set Log Storage Period to a value that ranges from 30 to 365. Unit: days. Enterprise Edition and Ultimate Edition Change the log storage duration
2021-07-21 Experience optimization Cloud Firewall is available in the US (Silicon Valley) region. The Internet firewall is available in the US (Silicon Valley) region. All paid editions Supported regions
2021-07-19 New feature A new API operation for the intrusion prevention feature is released. The API operation that is used to query the details of intrusion events is available. All paid editions DescribeRiskEventGroup
2021-07-06 New feature The API operations for centralized account management are released. The API operations for centralized account management are available. You can use the API operations to add or remove member accounts in Cloud Firewall. You can also modify or query the added member accounts. All paid editions AddInstanceMembers
2021-07-02 New feature A new API operation is released for access control policies. The API operation that is used to modify the priority of an access control policy is available. All paid editions ModifyControlPolicyPriority
2021-06-24 Experience optimization The Overview page is modified. The Security Policies module is added to the Overview page. All paid editions Overview
2021-06-21 New feature The Weekly Report item is added to the Alert Notifications module. The Weekly Report item is added to the Alert Notifications module, which allows you to view the security status of your Cloud Firewall by email. All paid editions Modify notification and contact settings
2021-04-23 Experience optimization Information about the geographic locations of attacks is displayed in the Intrusion Prevention module. Information about the geographic locations of attacks is displayed in the Intrusion Prevention module. You can view the geographic distribution of the attack sources and abnormal outbound connections. All paid editions Intrusion prevention
2021-04-16 New feature Traffic that passes through the custom routes added to Cloud Enterprise Network (CEN) transit routers can be protected. Cloud Firewall can protect traffic that passes through the custom routes added to CEN transit routers. Enterprise Edition and Ultimate Edition Create a VPC firewall for a CEN
2021-03-31 New feature The multi-account management feature is supported. The multi-account management feature allows you to manage cloud assets within multiple accounts in a centralized manner and configure protection settings. Ultimate Edition Use centralized account management
2021-02-25 Experience optimization The Vulnerability Prevention module is optimized. The Vulnerability Prevention module is optimized. Enterprise Edition and Ultimate Edition Vulnerability prevention
2021-02-06 Experience optimization The Internet firewall is available in the India (Mumbai) and UK (London) regions. Secure forward proxies are supported in the China (Chengdu) region. The Internet firewall is available in the UK (London) region at the China site (aliyun.com) and the India (Mumbai) region at the International site (alibabacloud.com). Secure forward proxies are supported in the China (Chengdu) region. All paid editions Supported regions
2021-02-05 Experience optimization The Overview page is modified. The following modules are added to the Overview page: Asset Protection, Protection, Cloud Firewall Tutorial, and Recent Updates. All paid editions Overview
2021-01-28 Experience optimization The notification feature is upgraded. The following notification items are added: Protection Against Vulnerabilities, Asset Protection, and Intrusion Prevention. All paid editions Modify notification and contact settings
2021-01-28 Experience optimization Traffic analysis details can be downloaded. The details of Outbound Connections, Internet Access, and VPC Access can be downloaded to your computer for check and analysis. All paid editions Outbound connections

Internet access

VPC access

2021-01-19 New feature Intrusions can be blocked by the intrusion prevention system (IPS) based on different block modes. Different block modes are available in Threat Engine Mode to block intrusion attempts based on rule groups. All paid editions Working modes of the threat engine
2021-01-19 Experience optimization The Internet firewall is available in the China (Guangzhou) region. The Internet firewall can be enabled for Elastic Compute Service (ECS) instances that are deployed in the China (Guangzhou) region. All paid editions Supported regions

2020

Release date Category Feature Description Involved edition References
2020-12-29 New feature Attack payloads are included in IPS blocking records. Attack payloads are included in IPS blocking records. This way, you can analyze attack behavior in a more comprehensive manner. All paid editions Intrusion prevention
2020-12-10 Experience optimization Access control policies can be located by searching for IP addresses. Access control policies that use the IP address book or CIDR block of a specific IP address can be located by searching for the IP address. All paid editions Not supported.
2020-12-10 Experience optimization Policy IDs are provided for the Internet firewall. Policy IDs are provided for the Internet firewall, which helps you identify specific policies by their policy IDs. All paid editions Search for a specific policy based on the policy ID
2020-12-10 New feature The policy export feature is introduced. Both inbound and outbound access control policies of the Internet firewall can be exported to your computer. All paid editions Export policies
2020-12-03 Experience optimization The types of cloud assets are displayed below the Cloud Address Books option of inbound access control policies. In the inbound access control policies of the Internet firewall, the types of cloud assets are displayed below the Cloud Address Books option. This way, you can configure access control policies for specific cloud assets. All paid editions Not supported.
2020-12-03 Experience optimization The display of statistics on brute-force attacks and scanning risks is optimized on the Overview page. The display of statistics on brute-force attacks and scanning risks is optimized on the Overview page. This way, you can obtain attack status in a more intuitive manner. All paid editions Not supported.
2020-12-03 Experience optimization The lists on the Access Control page are optimized. Pagination is supported for the lists on the Access Control page. All paid editions Not supported.
2020-11-17 New feature Secure forward proxies are supported. Outbound traffic from Network Address Translation (NAT) gateways to the Internet can be protected and controlled. Enterprise Edition and Ultimate Edition Use secure forward proxies
2020-11-19 New feature Auto-renewal is supported. Auto-renewal is supported by Cloud Firewall. This feature helps prevent service suspension if you do not renew your service in time. All paid editions Enable the auto-renewal feature
2020-09-17 New feature Notification settings are supported. Notification settings are supported by Cloud Firewall. If Cloud Firewall detects abnormal traffic, compromised hosts, or suspicious outbound connections in your assets, Cloud Firewall sends notifications by text message or email. All paid editions Modify notification and contact settings
2020-07-30 New feature The check on security group configurations is supported. The feature used to check security group configurations is added to the Toolbox page. All paid editions Check security group rules
2020-06-04 Experience optimization The strict mode of access control policies is optimized. The Strict Mode switch is moved from the Internet Firewall tab of the Access Control page to the Toolbox page. All paid editions Strict mode of the Internet firewall
2020-06-04 New feature Policy rollback is supported. The policy rollback feature is added to the Toolbox page. Enterprise Edition and Ultimate Edition Back up and roll back an access control policy
2020-04-16 Experience optimization The Breach Awareness page is introduced. Intrusion Detection is renamed Breach Awareness. The Breach Awareness page displays the intrusions detected by the IPS. All paid editions Breach awareness
2020-03-19 New feature Enterprise policy groups are supported. Enterprise policy groups are supported by internal firewalls. Enterprise Edition and Ultimate Edition Access control on an internal firewall between ECS instances
2020-03-19 New feature The strict mode of access control policies is supported. The strict mode is supported by the Internet firewall. All paid editions Strict mode of the Internet firewall
2020-02-21 New feature Mining activities over outbound connections are displayed. Mining activities are displayed on the Outbound Connections page. All paid editions Outbound connections
2020-02-21 New feature The most commonly encountered vulnerabilities are displayed. The most commonly encountered vulnerabilities are displayed. All paid editions Not supported.
2020-02-21 New feature The alerting feature is optimized. Cloud Firewall is connected with CloudMonitor to display alerts. All paid editions Not supported.
2020-02-21 New feature Internal firewalls are optimized. The operation logs of internal firewalls are provided. Enterprise Edition and Ultimate Edition Not supported.

2019

Release date Description Involved edition References
2019-12 Default allow policies are supported. You can change default inbound policies from Deny to Allow for security groups. All paid editions Default allow policies for security groups
2019-12 If Destination Type of an access control policy is set to Domain Name, Cloud Firewall resolves domain names and displays resolution results. All paid editions Configure access control policies for domain names
2019-12 The page on which you create a VPC firewall is updated. All paid editions Create a VPC firewall
2019-10 Log reports are supported. You can subscribe to reports and view the traffic data collected by using the log analysis feature. All paid editions Log reports
2019-09 Intelligent policies can be delivered to protect your networks and hosts against security threats. All paid editions Intelligent policies
2019-05 Region-based blocking is implemented to allow access only from specified regions, which prevents logons from unapproved locations and brute-force attacks. All paid editions Access control for outbound and inbound traffic on the Internet firewall
2019-01 Internet access control is supported. Cloud Firewall analyzes access relationships among services and displays analysis results without the need for configuration. Enterprise Edition Internet access

2018

Release date Description Involved edition References
2018-08 The IPS whitelist feature is introduced. This feature allows you to create IPS whitelists to allow access only from trusted sources. All paid editions Prevention configuration