Cloud Firewall: Data overview

Last Updated: Jan 02, 2024

This topic describes the basic information and overall protection results of Cloud Firewall. This topic also describes the statistics and traffic topologies of your assets. This helps you view the security status of your network assets and the traffic of your cloud assets over the Internet firewall and virtual private cloud (VPC) firewalls.

Overview

The Overview tab displays the overall protection results of Cloud Firewall and the statistics on your assets. This helps you view the security status of your network assets.

  1. Log on to the Cloud Firewall console.

  2. On the Overview tab, view the following information.

    Section | Description | Supported operation

    Basic information about Cloud Firewall

    This section displays the edition of your Cloud Firewall. The information that is displayed on the Overview tab varies based on the edition.

    • Temporary Bandwidth Upgrade: You can temporarily change the specifications of Protected Internet Traffic and Protected VPC Traffic on an hourly basis. When the restoration time that you specify arrives, the new specifications of Protected Internet Traffic and Protected VPC Traffic are automatically restored to the specifications before the temporary upgrade. For more information, see Upgrade and downgrade Cloud Firewall.

    • Change Specifications: You can change the specifications of Cloud Firewall by upgrading the edition of Cloud Firewall and changing the configurations related to billable items. For more information, see Upgrade and downgrade Cloud Firewall.

    • Renew: You can manually renew Cloud Firewall. For more information, see Renewal.

    • Auto-renewal: If you enable the auto-renewal feature, the system deducts fees from your account balance and renews your subscription nine days before your subscription expires. The system can deduct fees only if your account has a sufficient balance. For more information, see Renewal.

    • Release: You can manually release Cloud Firewall starting 15 days before expiration until 7 days after expiration. For more information, see Release Cloud Firewall.

      Note

      Before you release Cloud Firewall, we recommend that you disable firewalls during off-peak hours and make sure that your business runs as normal.

    • More: You can view Protected Internet Traffic, Recent Peak Traffic, Protected Public IP Addresses, Protected VPC Traffic, Recent Peak Traffic, Quota for VPC Firewalls, Audit Log Storage Capacity, and Quota for Multi-account Management. The value of Recent Peak Traffic indicates the traffic peak within the previous seven days.

    Unhandled Events

    This section displays the following information about your assets for which protection is enabled: Compromised Hosts, Detected Vulnerabilities, Open Ports, and Suspicious Outbound Connections.

    Handle an exception: Move the pointer over an exception type. After Handle Now appears, click Handle Now to go to the page that displays associated exceptions. For example, after you click Handle Now for Suspicious Outbound Connections, the Outbound Connection page appears. You can handle suspicious outbound connections on this page.

    For more information about how to handle different types of exceptions, see the following topics:

    Asset Protection

    This section displays the protection status of your assets. In this section, you can view the following information:

    • The number of public IP addresses that are protected or not protected by the Internet firewall.

    • The number of VPC firewalls that are in the Created or Not Created state.

    • The number of NAT firewalls that are created or not created.

    • The number of security groups that are protected by internal firewalls.

    You can click a number next to the icon that indicates unprotected assets to go to the Firewall Settings page and enable firewalls for the unprotected assets. For more information, see Internet firewall, Enable or disable VPC Firewall, and Use NAT Firewall.

    Security Protection

    This section displays the numbers of times that protection modules are triggered to protect your assets. In this section, you can view Total Blocked Attacks, Intrusions, Attacks Blocked by Access Control Policies, and Blocked Vulnerability Attacks.

    View details: Click Show in the lower-right corner to view the statistics on different protection modules.

    For more information about the protection modules, see the following topics:

    Security Policies

    This section displays the statistics on access control policies. In this section, you can view Intelligent Policies to be Applied and Total Access Control Policies. You can also view the changes to the policies in the previous seven days below Total Access Control Policies.

    Click the number below Intelligent Policies to be Applied. The Internet Border page appears. In the Recommended Intelligent Policy panel, you can view and apply the intelligent policies that are recommended by Cloud Firewall. For more information, see Intelligent Policy.

    Click the number below Total Access Control Policies. The Internet Border page appears. On this page, you can view and manage access control policies.

    Latest Updates

    This section displays the update records of Virtual Patching, Rule Updates, and Feature Updates of Cloud Firewall.

    Click the Virtual Patching, Rule Updates, or Feature Updates tab to view specific update records.

    Traffic Trend

    This section displays the trends of traffic over the Internet firewall and VPC firewalls that are recently enabled for your assets. This section is not displayed if your Cloud Firewall uses the pay-as-you-go billing method.

    • Internet Border: This tab displays Traffic Trend, Trend of Blocked Inbound Traffic, and Trend of Blocked Outbound Traffic.

    • VPC Firewall: This tab displays Trend of Handled Traffic Between VPCs and Trend of Blocked Sessions Between VPCs.

      The VPC Firewall tab is displayed on the Overview page only in Cloud Firewall Enterprise Edition and Ultimate Edition.

    If the volume of your business traffic exceeds the Internet traffic bandwidth that you purchase for protection, the excess traffic is not protected by Cloud Firewall. Cloud Firewall can protect traffic only within the scope limited by the purchased protection bandwidth. In this case, you must purchase additional protection bandwidth. For more information, see Upgrade and downgrade Cloud Firewall.

    Note

    For more information about how to identify IP addresses with abnormal traffic spikes, see What do I do if the volume of my business traffic exceeds the purchased bandwidth of Cloud Firewall?

    • Specify a time range: Click the drop-down list in the upper-right corner and select a time range.

    • View a trend chart on the Internet Border tab.

      • View the trend chart of inbound and outbound traffic: On the Traffic Trend tab, move the pointer over the trend chart to view the details of inbound and outbound traffic at a specified point in time. You can click the Details icon to the right of Peak Inbound Traffic and Peak Outbound Traffic. In the tooltip that appears, click Learn More and go to the Internet Exposure and Outbound Connection pages. You can view the details of peak traffic on the pages that appear.

        • Inbound traffic = Traffic of requests exposed on the Internet + Traffic of responses exposed on the Internet

          Peak Inbound Traffic specifies the peak of total traffic that is exposed on the Internet. The peak is less than or equal to the sum of request traffic and response traffic. This is because Cloud Firewall calculates traffic statistics based on the aggregated peak values within a specified period of time.

        • Outbound traffic = Traffic of requests in outbound connections + Traffic of responses in outbound connections

          Peak Outbound Traffic specifies the peak of total traffic that flows over outbound connections. The peak is less than or equal to the sum of request traffic and response traffic. This is because Cloud Firewall calculates traffic statistics based on the aggregated peak values within a specified period of time.

        Note

        The Internet firewall monitors only the traffic of public IP addresses. If you want to view the traffic of private IP addresses, you must enable a NAT firewall.

      • View the trend chart of blocked inbound traffic: On the Trend of Blocked Inbound Traffic tab, move the pointer over the trend chart to view the value of Blocked Sessions at a specified point in time. You can view the value of Peak Traffic Blocked in the upper-left corner of the trend chart.

      • View the trend chart of blocked outbound traffic: On the Trend of Blocked Outbound Traffic tab, move the pointer over the trend chart to view the value of Blocked Sessions at a specified point in time. You can view the value of Peak Traffic Blocked in the upper-left corner of the trend chart.

    • View a trend chart on the VPC Firewall tab.

      • View the trend chart of traffic between VPCs: On the Trend of Handled Traffic Between VPCs tab, move the pointer over the trend chart to view the total volume of traffic between VPCs at a specified point in time. The volume is calculated after deduplication. Then, click View Details. In the VPC Traffic Details panel, view the details of traffic between VPCs at a specified point in time.

        You can also click View Details in the Actions column of a VPC to go to the VPC Access page. For more information, see View VPC access data.

      • View the trend chart of blocked traffic between VPCs: On the Trend of Blocked Sessions Between VPCs tab, move the pointer over the trend chart to view the value of Blocked Sessions at a specified point in time. You can view the value of Peak Traffic Blocked in the upper-left corner of the trend chart.

    Scenario Data

    This section displays the information about brute-force attacks, scan attacks, mining activities, and database attacks that Cloud Firewall detects on your assets. This section also displays the protection results of Cloud Firewall.

    • Specify a time range: Click the drop-down list in the upper-right corner and select a time range.

    • View the data of a scenario: Click the Brute-force Attacks, Scan, Mining, or Database Attack tab to view the data of a scenario. The following list describes the data on each tab:

      • Brute-force Attacks: displays the statistics on brute-force attacks and the rankings of attacked applications and assets.

      • Scan: displays the statistics on scanning risks and the rankings of scanned applications and assets.

      • Mining: displays the statistics on mining programs and the rankings of attacked applications and assets.

      • Database Attack: displays the statistics on database attacks and the rankings of attacked applications and assets.
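The following is an added example, not part of the original Cloud Firewall documentation. It illustrates two points from the Traffic Trend section: why the peak of total traffic can be lower than the sum of the request and response peaks (assuming the two peaks fall in different intervals), and how to find intervals in which traffic exceeds the purchased protection bandwidth and is therefore not protected. The sample values, the Mbit/s unit, the 100 Mbit/s limit, and all names are constructed assumptions.

```python
"""Added example: peak of total traffic vs. sum of peaks, and bandwidth overruns."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    ts: str               # interval label (constructed)
    request_mbps: float   # request traffic in this interval (unit assumed)
    response_mbps: float  # response traffic in this interval (unit assumed)

    @property
    def total_mbps(self) -> float:
        # Inbound (or outbound) traffic = request traffic + response traffic
        return self.request_mbps + self.response_mbps


def peak_summary(samples):
    """Return (peak of the per-interval total, sum of the two separate peaks)."""
    if not samples:
        raise ValueError("no samples")
    peak_total = max(s.total_mbps for s in samples)
    sum_of_peaks = (max(s.request_mbps for s in samples)
                    + max(s.response_mbps for s in samples))
    return peak_total, sum_of_peaks


def unprotected_intervals(samples, purchased_mbps):
    """Return (ts, excess_mbps) for intervals above the purchased protection bandwidth."""
    return [(s.ts, round(s.total_mbps - purchased_mbps, 3))
            for s in samples if s.total_mbps > purchased_mbps]


# Constructed samples: the request peak (10:05) and the response peak (10:10)
# fall in different intervals, so the peak of the total is below their sum.
SAMPLES = [
    Sample("10:00", 40.0, 15.0),
    Sample("10:05", 90.0, 20.0),
    Sample("10:10", 55.0, 70.0),
    Sample("10:15", 30.0, 25.0),
]

if __name__ == "__main__":
    peak_total, sum_of_peaks = peak_summary(SAMPLES)
    print(f"peak of total: {peak_total} <= sum of peaks: {sum_of_peaks}")
    # Hypothetical purchased protection bandwidth of 100 Mbit/s.
    for ts, excess in unprotected_intervals(SAMPLES, 100.0):
        print(f"{ts}: {excess} Mbit/s above the purchased protection bandwidth")
```
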

Traffic Topology Visualization

The Traffic Topology Visualization tab allows you to view the traffic topologies of cloud assets that are protected by Cloud Firewall. The traffic topologies display the traffic of cloud assets over the Internet and VPC firewalls. The Traffic Topology Visualization tab is displayed only in Cloud Firewall Enterprise Edition and Ultimate Edition.

  1. Log on to the Cloud Firewall console. In the left-side navigation pane, click Overview.

  2. Click the Traffic Topology Visualization tab and view the following information.

    Section | Description | Supported operation

    Overview

    This section displays the following information: Public IP Address, vpc, Traffic, Intrusion Prevention Mode, Attack, and ACL.

    • Public IP Address:

      • Total IP Addresses: the total number of public IP addresses of the assets within the current Alibaba Cloud account.

      • Unprotected IP Addresses: the total number of IP addresses for which no firewall is enabled.

        You can click Enable Firewall to go to the Internet Firewall tab of the Firewall Settings page. On the Internet Firewall tab, you can enable the Internet firewall for the IP addresses that are not protected.

    • vpc:

      • Total VPCs: the total number of VPCs that are attached to Cloud Enterprise Network (CEN) instances and VPCs that are connected by using Express Connect circuits within the current Alibaba Cloud account.

      • Unprotected VPCs: the number of VPCs for which no firewall is enabled.

        You can click Enable Firewall to go to the VPC Firewall tab of the Firewall Settings page. On the VPC Firewall tab, you can enable the VPC firewalls for the VPCs that are not protected.

    • Traffic:

      • Peak Traffic in Last 7 Days: the peak value of traffic that is protected by Cloud Firewall within the previous seven days.

      • Peak Outbound Traffic: the peak value of outbound traffic that is protected by Cloud Firewall within the previous seven days.

      • Peak Inbound Traffic: the peak value of inbound traffic that is protected by Cloud Firewall within the previous seven days.

    • Intrusion Prevention Mode:

      The value below Intrusion Prevention Mode is synchronized from the Prevention Configuration page. For more information, see Working modes of the threat detection engine.

    • Attack:

      • Blocked Attacks: the number of attacks that are blocked by Cloud Firewall.

      • Total Attacks: the total number of attacks on the cloud assets that are protected by Cloud Firewall.

    • ACL: the number of created access control policies.

    None.

    Internet Border

    This section displays the topology of traffic between the Internet-facing assets within the current Alibaba Cloud account and the Internet.

    • Click the icon of a cloud asset to view the public IP address of the asset. You can view Unprotected IP Address and Protected IP Address on the left side of the page.

    • Click an IP address to view the details of the inbound and outbound traffic of the IP address. You can view the details on the left side of the page.

      On the Inbound tab, you can view the following information: IP, Open Port, Intelligent Policy Recommended, and Access Control Policy.

      On the Outbound tab, you can view the following information: Outbound Domain, Outbound IP Address, Intelligent Policy Recommended, and Access Control Policy.

    VPC Firewall

    • All VPCs: the VPCs that are connected by using Express Connect circuits and the VPCs that are attached to CEN instances within the current Alibaba Cloud account. You can move the pointer over a VPC to view the information about the VPC.

      • The Protected icon indicates a protected VPC.

      • The Protection Not Enabled icon indicates an unprotected VPC.

    • Connected VPC: the details of the VPCs that are connected by using Express Connect circuits and the VPCs that are attached to CEN instances. You can click the Show icon to view the traffic topologies between VPCs.

      • The VPC Connected by Express Connect icon indicates a VPC that is connected by using an Express Connect circuit.

      • The VPC Under CEN icon indicates a VPC that is attached to a CEN instance.

      You can view the total number of the VPCs that are connected by using Express Connect circuits, the total number of the VPCs that are attached to CEN instances, and all connected VPCs on the left side of the page. You can click the name of a VPC to view the traffic topology.

    None.