Cloud Firewall is the first Firewall as a Service (FWaaS) solution that Alibaba Cloud provides for public clouds. Cloud Firewall allows you to centrally manage the access control policies that control north-south traffic from the Internet to your ECS instances and the microsegmentation policies that control east-west traffic between ECS instances. Cloud Firewall provides a built-in intrusion prevention system (IPS). IPS allows you to view network-wide traffic and inter-business access relationships. Cloud Firewall is the primary infrastructure used to secure your businesses that have been migrated to Alibaba Cloud.

Protection scope of Cloud Firewall

Cloud Firewall can protect the following cloud assets or traffic:
  • Internet traffic: traffic from public IP addresses of Elastic Compute Service (ECS), elastic IP addresses (EIPs) of Server Load Balancer (SLB), some public IP addresses of SLB, high-availability virtual IP addresses (HAVIP), EIPs, EIPs of ECS, EIPs of Elastic Network Interface (ENI), and EIPs of Network Address Translation (NAT) Gateway
    Note: Alibaba Cloud provides public and private SLB instances. Some public SLB instances cannot be protected by Cloud Firewall due to network architecture reasons. We recommend that you deploy private SLB instances and associate EIPs with the private SLB instances. For information about how to associate an EIP with an SLB instance, see Associate an Elastic IP address with an SLB instance.
  • Traffic between VPCs: traffic between VPCs that are connected by using a CEN or Express Connect


Cloud Firewall complies with the following standards: ISO 9001, ISO 20000, ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 29151, ISO 27701, BS 10012, CSA STAR, and PCI DSS.