Cloud Firewall provided by Alibaba Cloud is the first Firewall as a Service (FWaaS) solution for public clouds. Cloud Firewall allows you to manage the following types of policies in a centralized manner: access control policies that are used to control north-south traffic and microsegmentation policies that are used to control east-west traffic. Cloud Firewall provides a built-in intrusion prevention system (IPS), which allows you to view network-wide traffic and access relationships among your services. Cloud Firewall is the primary infrastructure that you can use to protect your services in Alibaba Cloud.

Protection scope of Cloud Firewall

Cloud Firewall can protect the following cloud assets or traffic:
  • Internet traffic: traffic of public IP addresses of Elastic Compute Service (ECS) instances, elastic IP addresses (EIPs) of Server Load Balancer (SLB) instances, high-availability virtual IP addresses (HAVIPs), EIPs, EIPs of ECS instances, EIPs of elastic network interfaces (ENIs), some public IP addresses of SLB instances, and EIPs of network address translation (NAT) gateways.
  • Traffic between VPCs: traffic between virtual private clouds (VPCs) that are connected by using a CEN or Express Connect.
  • Traffic between VPCs and data centers: The VPCs and data centers are connected by using virtual border routers (VBRs).


Cloud Firewall complies with the following standards: ISO 9001, ISO 20000, ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 29151, ISO 27701, BS 10012, Cloud Security Alliance (CSA) Security, Trust and Assurance Registry (STAR), and Payment Card Industry (PCI) Data Security Standards (DSS).





