You cannot enable the Internet firewall if your asset is not in the same Alibaba Cloud account as the Cloud Firewall instance, does not support Cloud Firewall, or does not have a public IP address.

Problem description

On the Internet Firewall tab of the Firewall Settings page, the Enable Firewall action is not available for some assets, and the system prompts Firewall is not supported in this network.Fail to enable the Internet firewall

Causes

This problem may occur because the network of the SLB instance does not support the Internet firewall. Specific causes are as follows:
  • There is a limit on the network architecture of the SLB instance. As a result, the Internet firewall is not supported.
  • The asset does not have a public IP address.
Note We recommend that you bind an Elastic IP address (EIP) to a private SLB instance and enable the Internet firewall for the EIP. For more information, see Associate an Elastic IP address with an SLB instance. You cannot enable the Internet firewall for a public SLB instance. We recommend that you do not change the network of the public SLB instance. If you need any help, contact SLB technical support.

Types of public IP addresses supported by the Internet firewall

The Internet firewall supports the following types of public IP addresses:

  • ENI EIP: bound to an ECS instance in a VPC, private SLB instance in a VPC, ENI, or NAT gateway
  • Public NAT IP address: assigned based on the ECS instances
  • SLB EIP: bound to a private SLB instance
  • Pulic IP address of a bastion host