The VPC Firewall feature can detect and collect statistics on traffic between connected VPCs. This feature helps you detect attacks and perform troubleshooting. You can enable or disable this feature in the Cloud Firewall console.

Prerequisites

A VPC firewall is created. For more information, see Create a VPC firewall.

Background information

After the VPC Firewall feature is enabled, you can log on to the Cloud Firewall console and choose Traffic Analysis > VPC Access in the left-side navigation pane to view information about traffic between VPCs.
After the VPC Firewall feature is enabled, a security group named Cloud_Firewall_Security_Group and an allow policy appear on the Security Groups page of the ECS console. The allow policy is also referred to as an authorization policy, which is used to allow inbound traffic from the VPC firewall to ECS instances. To go to the Security Groups page, log on to the ECS console and click Network & Security in the left-side navigation pane.
Note: Do not delete the security group Cloud_Firewall_Security_Group or the allow policy. Otherwise, the inbound traffic from the VPC firewall to ECS instances cannot be protected by the VPC firewall.

Procedure

  1. Log on to the Cloud Firewall console.
  2. In the left-side navigation pane, click Firewall Settings.
  3. On the Firewall Settings page, click the VPC Firewall tab.
  4. On the VPC Firewall tab, click the Express Connect or CEN tab based on your VPC connection type.
  5. Find the target Cloud Firewall instance and turn on or turn off Firewall Settings.
    If a large number of Cloud Firewall instances exist, we recommend that you use the filter or search function to find the target Cloud Firewall or VPC instance.
  6. Wait for a few seconds until the VPC Firewall feature is enabled or disabled.

Result

  • After you turn on Firewall Settings, Firewall Status becomes Enabling. If Firewall Status becomes Enabled, the VPC Firewall feature is enabled.
  • After you turn off Firewall Settings, Firewall Status becomes Disabling. If Firewall Status becomes Disabled, the VPC Firewall feature is disabled.

What to do next

After the VPC Firewall feature is enabled, traffic between VPCs is collected and analyzed. You can view the statistics and analysis results on the VPC Access page. To go to the VPC Access page, choose Traffic Analysis > VPC Access in the left-side navigation pane of the Cloud Firewall console. For more information about VPC access traffic, see VPC access.