Release notes for Cloud Firewall - Cloud Firewall - Alibaba Cloud Documentation Center

This topic describes the release notes for features and documentation of Cloud Firewall.

2023

Release date	Feature	Change type	Involved edition	References
2023-11-15	Access control by using virtual private cloud (VPC) firewalls is optimized, which improves user experience.	Feature iteration	Enterprise Edition and Ultimate Edition	Create an access control policy for a VPC firewall
2023-11-07	The validity periods of access control policies created for the Internet firewall, VPC firewalls, and NAT firewalls can be configured.	New feature	All editions	Create inbound and outbound access control policies for the Internet firewall Create an access control policy for a VPC firewall Create an access control policy for a NAT firewall
2023-11-02	The address book for vulnerability scan of Security Center is supported in recommended intelligent address books.	New feature	All editions	Manage address books
2023-11-01	The NAT Firewall feature is available in the Singapore region.	New feature	Premium Edition, Enterprise Edition, and Ultimate Edition	Supported regions
2023-11-01	The prompt for server IP addresses of the web scanner in Security Center is supported.	New feature	All editions	Intrusion prevention
2023-09-19	The NAT Firewall feature is available for commercial use.	New feature	Premium Edition, Enterprise Edition, and Ultimate Edition	NAT Firewall
2023-08-08	The intrusion prevention feature of Cloud Firewall is optimized to defend against attacks and intrusions that use proxies. The feature can display originating IP addresses and the X-Forwarded-For header field. This facilitates the tracing of attacks and helps reduce security risks.	Feature iteration	All editions	Intrusion prevention
2023-08-08	The weekly report feature is available in Cloud Firewall that uses the pay-as-you-go billing method.	New feature	Cloud Firewall that uses the pay-as-you-go billing method	Configure notifications
2023-08-03	Cloud Firewall can protect the elastic IP addresses (EIPs) of Network Load Balancer (NLB) instances.	Feature iteration	All editions	What is Cloud Firewall? Internet Firewall
2023-08-02	The feature of automatic protection for assets is available in Cloud Firewall that uses the pay-as-you-go billing method.	New feature	Cloud Firewall that uses the pay-as-you-go billing method	Pay-as-you-go
2023-07-25	Cloud Firewall that uses the pay-as-you-go billing method supports the log audit feature for event tracing and troubleshooting. By default, the log audit feature retains logs for seven days.	New feature	Cloud Firewall that uses the pay-as-you-go billing method	Functions and features
2023-07-20	Cloud Firewall can protect the EIPs of Application Load Balancer (ALB) instances.	Feature iteration	All editions	What is Cloud Firewall? Internet Firewall
2023-07-18	When you create a VPC firewall for a Basic Edition transit router, you can allocate a custom CIDR block to the VPC that is created for the VPC firewall.	Feature iteration	Enterprise Edition and Ultimate Edition	Configure a VPC firewall for a Basic Edition transit router
2023-07-04	Pay-as-you-go savings plans are available for Cloud Firewall. You can use the savings plans to offset the fees for the billable items of Cloud Firewall that uses the pay-as-you-go billing method. This helps reduce the costs of cloud assets.	New feature	Cloud Firewall that uses the pay-as-you-go billing method	Pay-as-you-go savings plan
2023-06-30	The billing rules of VPC Firewall are simplified. You are charged based on the number of VPC firewalls that you create instead of the consumed quota for VPC firewalls.	Feature iteration	Enterprise Edition and Ultimate Edition	Subscription Configure a VPC firewall for an Enterprise Edition transit router
2023-05-15	The traffic of VPN gateways that are deployed with Cloud Enterprise Network (CEN) transit routers can be protected by VPC firewalls.	Feature iteration	Enterprise Edition and Ultimate Edition	Configure a VPC firewall for an Enterprise Edition transit router
2023-05-04	Cloud Firewall is available in the Philippines (Manila) region.	Feature iteration	All editions	Supported regions
2023-03-17	The billing method of Cloud Firewall can be changed from pay-as-you-go to subscription.	New feature	Cloud Firewall that uses the pay-as-you-go billing method	Pay-as-you-go
2023-01-09	The multi-account management feature is available in the Premium Edition, Enterprise Edition, and Ultimate Edition of Cloud Firewall.	Feature iteration	Premium Edition and Enterprise Edition	Use multi-account management

Before 2023

2022

Feature	Description	Change type	Involved edition	Release date	References
VPC Firewall	The automatic traffic redirection mode is supported. You can use the automatic traffic redirection mode when you configure a VPC firewall for an Enterprise Edition transit router of a CEN instance.	New feature	Enterprise Edition and Ultimate Edition	2022-11-09	Configure a VPC firewall for an Enterprise Edition transit router
Cloud Firewall release	Cloud Firewall that uses the subscription billing method can be manually released.	New feature	Premium Edition, Enterprise Edition, and Ultimate Edition	2022-11-08	Release Cloud Firewall
Settings	Notifications for log storage capacity can be configured.	New feature	Premium Edition, Enterprise Edition, and Ultimate Edition	2022-10-27	Configure notifications
Log analysis	Switches are added to obtain the sub-types of Internet traffic logs and VPC traffic logs.	New feature	Premium Edition, Enterprise Edition, and Ultimate Edition	2022-09-26	Query and analyze logs
Specifications	The Quota for Additional Policy parameter is added to the buy page.	New feature	Premium Edition, Enterprise Edition, and Ultimate Edition	2022-08-11	Subscription
Specifications	The Protected VPC Traffic parameter is added to the buy page.	New feature	Enterprise Edition and Ultimate Edition	2022-08-03	Subscription
VPC Firewall	The Start Check Now button is supported for VPC firewalls.	New feature	Enterprise Edition and Ultimate Edition	2022-08-01	Configure a VPC firewall for an Enterprise Edition transit router
Overview	The traffic topology visualization feature is supported.	New feature	Enterprise Edition and Ultimate Edition	2022-02-25	Overview
Security gateway	Cloud Firewall is upgraded.	Feature iteration	All editions	2022-01-11	[Upgrade] Cloud Firewall is upgraded
Supported regions	The VPC Firewall feature is available in more regions.	New feature	Enterprise Edition and Ultimate Edition	2022-01-11	Supported regions

2021

Feature	Description	Change type	Involved edition	Release date	References
Multi-account management	VPC firewalls and CEN instances within different Alibaba Cloud accounts can be managed in a centralized manner. This allows you to manage resources across various accounts in a flexible manner.	New feature	Ultimate Edition	2021-12-22	Use multi-account management
Log audit	On the Log Audit page, policy IDs can be used to search for traffic logs.	New feature	Premium Edition, Enterprise Edition, and Ultimate Edition	2021-11-29	Log audit
Outbound connection	SSL traffic analysis is supported on the Outbound Connection page.	New feature	Premium Edition, Enterprise Edition, and Ultimate Edition	2021-11-29	Outbound connection
VPC Firewall	API operations for VPC firewalls are released.	New feature	Enterprise Edition and Ultimate Edition	2021-11-22	List of operations by function
VPC Firewall	If a VPC in which WUYING Workspace is deployed is connected to a Basic Edition transit router, you can enable VPC firewalls for other VPCs that are connected to the transit router.	New feature	Enterprise Edition and Ultimate Edition	2021-11-17	Configure a VPC firewall for a Basic Edition transit router
Log storage	A minimum of a 7-day duration is supported when a custom log storage duration is specified.	Feature iteration	Enterprise Edition and Ultimate Edition	2021-09-30	Change the log storage duration
Address book management	The feature that exports address books is supported.	Feature iteration	All paid editions	2021-08-17	Manage address books
Multi-account management	The multi-account management feature can be used to add multiple Alibaba Cloud accounts as members.	Feature iteration	Ultimate Edition	2021-07-30	Use multi-account management
Log storage	The log storage duration can be customized.	New feature	Enterprise Edition and Ultimate Edition	2021-07-22	Change the log storage duration
Supported regions	Cloud Firewall is available in the US (Silicon Valley) region.	Feature iteration	All paid editions	2021-07-21	Supported regions
Attack prevention	A new API operation for the attack prevention feature is released.	New feature	All paid editions	2021-07-19	DescribeVulnerabilityProtectedList - Queries the detected vulnerabilities
Multi-account management	API operations for multi-account management are released.	New feature	All paid editions	2021-07-06	AddInstanceMembers - Adds members to Cloud Firewall
Access control policies	A new API operation for access control policies is released.	New feature	All paid editions	2021-07-02	ModifyControlPolicyPosition - Modifies the priority of an access control policy
Overview	The Overview page is modified.	Feature iteration	All paid editions	2021-06-24	Overview
Intrusion prevention	Information about the geographic locations of attackers is displayed in the Intrusion Prevention module.	Feature iteration	All paid editions	2021-04-23	Intrusion prevention
VPC Firewall	Traffic that passes through the custom routes of CEN transit routers can be protected.	New feature	Enterprise Edition and Ultimate Edition	2021-04-16	Configure a VPC firewall for an Enterprise Edition transit router
Multi-account management	The multi-account management feature is supported.	New feature	Ultimate Edition	2021-03-31	Use multi-account management
Vulnerability prevention	The Vulnerability Prevention page is optimized.	Feature iteration	Enterprise Edition and Ultimate Edition	2021-02-25	Vulnerability prevention
Supported regions	The Internet Firewall feature is available in the India (Mumbai) and UK (London) regions. Secure forward proxies are supported in the China (Chengdu) region.	Feature iteration	All paid editions	2021-02-06	Supported regions
Overview	The Overview page is modified.	Feature iteration	All paid editions	2021-02-05	Overview
Traffic analysis	Traffic analysis details can be downloaded.	Feature iteration	All paid editions	2021-01-28	Outbound connection Internet exposure VPC access
Prevention configuration	Intrusions can be blocked by the intrusion prevention system (IPS) based on different block modes.	New feature	All paid editions	2021-01-19	Configure the working mode of the threat detection engine
Supported regions	The Internet Firewall feature is available in the China (Guangzhou) region.	Feature iteration	All paid editions	2021-01-19	Supported regions

2020

Feature	Description	Change type	Involved edition	Release date	References
Intrusion prevention	Attack payloads are included in IPS blocking records.	New feature	All paid editions	2020-12-29	Intrusion prevention
Access control	Access control policies can be located by searching for IP addresses.	Feature iteration	All paid editions	2020-12-10	None
Internet Firewall	Policy IDs are provided for the Internet firewall.	Feature iteration	All paid editions	2020-12-10	Create inbound and outbound access control policies for the Internet firewall
Internet Firewall	The policy export feature is introduced.	New feature	All paid editions	2020-12-10	Create inbound and outbound access control policies for the Internet firewall
Address books	The types of cloud assets are displayed below the Cloud Address Books option of inbound access control policies.	Feature iteration	All paid editions	2020-12-03	None
Overview	The display of statistics on brute-force attacks and scanning risks is optimized on the Overview page.	Feature iteration	All paid editions	2020-12-03	None
Access control	The lists on the Access Control page are optimized.	Feature iteration	All paid editions	2020-12-03	None
Auto-renewal	Auto-renewal is supported.	New feature	All paid editions	2020-11-19	Renewal
Security group check	The check on security group configurations is supported.	New feature	All paid editions	2020-07-30	Check security group rules
Internet Firewall	The strict mode of access control policies is optimized.	Feature iteration	All paid editions	2020-06-04	Configure the strict mode of the Internet firewall
Policy backup and rollback	Policy rollback is supported.	New feature	Enterprise Edition and Ultimate Edition	2020-06-04	Back up and roll back access control policies
Breach awareness	The Breach Awareness page is introduced.	Feature iteration	All paid editions	2020-04-16	Breach awareness
Internal Firewall	Enterprise policy groups are supported.	New feature	Enterprise Edition and Ultimate Edition	2020-03-19	Access control on an internal firewall between ECS instances
Internet Firewall	The strict mode of access control policies is supported.	New feature	All paid editions	2020-03-19	Configure the strict mode of the Internet firewall
Outbound connection	Mining activities over outbound connections are displayed.	New feature	All paid editions	2020-02-21	Outbound connection
Vulnerability prevention	The most commonly encountered vulnerabilities are displayed.	New feature	All paid editions	2020-02-21	None
Alerting	The alerting feature is optimized.	New feature	All paid editions	2020-02-21	None
Internal Firewall	Internal firewalls are optimized.	New feature	Enterprise Edition and Ultimate Edition	2020-02-21	None

2019

Feature	Description	Change type	Involved edition	Release date	References
Internet Firewall	Default allow policies are supported. You can change default inbound policies from Deny to Allow for security groups.	New feature	All paid editions	2019-12	Internet Firewall
Internet Firewall	If Destination Type of an access control policy is set to Domain Name, Cloud Firewall resolves domain names and displays resolution results.	New feature	All paid editions	2019-12	Create inbound and outbound access control policies for the Internet firewall
VPC Firewall	The page on which you can create a VPC firewall is updated.	Feature iteration	All paid editions	2019-12	Configure a VPC firewall for an Enterprise Edition transit router
Log reports	Log reports are supported. You can subscribe to reports and view the traffic data collected by using the log analysis feature.	New feature	All paid editions	2019-10	View log reports
Intelligent policies	Intelligent policies can be delivered to protect your networks and hosts against security threats.	New feature	All paid editions	2019-09	Create inbound and outbound access control policies for the Internet firewall
Internet Firewall	Region-based blocking is implemented to allow access only from specified regions, which prevents logons from unapproved locations and brute-force attacks.	New feature	All paid editions	2019-05	Create inbound and outbound access control policies for the Internet firewall
Internet exposure	Internet access control is supported. Cloud Firewall analyzes access relationships among services and displays analysis results without the need for configuration.	New feature	Enterprise Edition	2019-01	Internet exposure

2018

Feature	Description	Change type	Involved edition	Release date	References
Prevention configuration	The IPS whitelist feature is introduced. This feature allows you to create IPS whitelists to allow access only from trusted sources.	New feature	All paid editions	2018-08	Protection configuration