Cloud Firewall visualizes the traffic between businesses to help you learn about the access relationships between businesses and choose access control policies to be applied.
Prerequisites
To visualize the traffic, you must create business groups and application groups and add applications to these groups.
Background information
- Business group: In east-west traffic visualization, a business group is a set of application groups that provide the same service or similar services. For example, a Web portal business group contains Web application groups and database application groups.
- Application group: In east-west traffic visualization, an application group is a set of applications that provide the same service or similar services. For example, all ECS instances deployed with MySQL can be added to one database application group.
- Application: The smallest unit in east-west traffic visualization. An application is a set of all open ports on an ECS instance by default. You can create a new application by cloning the default application through a specified port.
Step 1: Create a business group
- Log on to the Cloud Firewall console.
- In the left-side navigation pane, choose .
- In the upper-left corner of the Business Groups tab page, select a VPC network for the business group to be created.
Note You can select from existing VPC networks and Classic networks. You must specify only one VPC network for each business group.
- In the upper-right corner, click Create Business Group.
- In the Create Business Group dialog box, configure the business group information.
- Name: Enter the business group name. The name must be from 1 to 40 characters in length.
- Description: Enter the business group description.
- Importance Degree: Specify the importance degree of the business group. This helps you distinguish
business groups of different importance degrees in the business relations graph. The
importance degrees include moderate, important, and critical.
On the Application Groups page, you can view business groups of specified importance degrees.
- Click OK.
The new business group belongs to the VPC network that you selected. In the business group list, you can modify or delete business groups.Note You cannot delete a business group that contains application groups.
Step 2: Create an application group
- Log on to the Cloud Firewall console.
- In the left-side navigation pane, choose .
- In the upper-left corner of the Application Groups tab page, select a VPC network for the application group to be created.
- In the upper-right corner, click Create Application Group.
- In the Create Application Group dialog box, configure the application group information.
- Name: Enter the application group name. The name must be from 1 to 40 characters in length.
- Description: Enter the application group description.
- Importance Degree: Specify the importance degree of the application group. This helps you distinguish
application groups of different importance degrees in the business relations graph.
The importance degrees include moderate, important, and critical.
On the Application Groups page, you can click a business group, and view applications groups of specified importance degrees.
- Business Group: You can Select Existing Business Group or Create Business Group.
- If you choose to Select Existing Business Group, select a business group in the Name drop-down list.
Note The new application group is automatically added to the VPC network that the specified business group belongs to.
- If you choose to create a business group, specify the name, description, and importance degree of the new business group.
- If you choose to Select Existing Business Group, select a business group in the Name drop-down list.
- Click OK.
- (Optional) You can click Assign in the Actions column to change the business group that an application group belongs to.
After this operation, the data in the Application Groups column on the Business Groups tab page is changed.
You can also modify or delete the application groups.Note You cannot delete an application group that contains applications.
Step 3: Specify an application group and a business group for an application

- Log on to the Cloud Firewall console.
- In the left-side navigation pane, choose .
- Search for a specific application.
- Click Assign in the Actions column. In the dialog box that appears, select the business group and application
group that you created.
Note After this operation, the numbers of business groups and application groups on the Business Groups tab page are changed.
- (Optional) You can also click Clone in the Actions column to create a new application based on the specified application.
After you activate Cloud Firewall, a default application is created for each ECS instance. The traffic bound to an ECS instance is automatically associated with the default application. If the applications on an ECS instance are associated with different businesses, you can use the clone operations to create a new application and assign another business group and another application group. When you clone an application, you can modify the ECS instance ID, listening port, and process name.