Is network traffic affected after firewalls are enabled?

Enabling Internet Firewall or VPC Firewall has no impact on network traffic.

However, when you enable or disable VPC Firewall, persistent connections are reset. Consider this limit before you enable VPC Firewall. If your VPC uses a private SLB instance, make sure that your applications support automatic TCP retransmission before you enable VPC Firewall. You must also pay attention to the application connection status and prevent disconnections caused by the retransmission mechanism not configured.

Are the rules of ECS security groups affected after VPC Firewall is enabled?

No, the rules of ECS security groups are not affected after VPC Firewall is enabled.

After VPC Firewall is enabled, a security group named Cloud_Firewall_Security_Group is automatically added and an access control policy is created to allow traffic to the VPC firewall.

The security group applies only to the traffic between VPCs. The existing rules of ECS security groups are not affected. You do not need to migrate or modify the rules of the ECS security groups.

What are the limits of VPC Firewall?

For more information, see VPC firewall limits.