Cloud Firewall is the first Firewall as a Service (FWaaS) solution that is provided by Alibaba Cloud for public clouds. Cloud Firewall allows you to centrally manage the access control policies that are used to control north-south traffic from the Internet to your ECS instances and the microsegmentation policies that are used to control east-west traffic between ECS instances. Cloud Firewall provides a built-in intrusion prevention system (IPS). IPS allows you to view networkwide traffic and inter-business access relationships. Cloud Firewall is the primary infrastructure used to secure your business that have been migrated to Alibaba Cloud.
Cloud Firewall complies with the following standards: ISO 9001, ISO 20000, ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 29151, ISO 27701, BS 10012, CSA STAR, and PCI DSS.
Protection scope of Cloud Firewall
- Internet traffic: traffic of public IP addresses of Elastic Compute Service (ECS) instances, elastic IP addresses (EIPs) of Server Load Balancer (SLB) instances, High-Availability Virtual IP Addresses (HAVIPs), EIPs, EIPs of ECS instances, EIPs of Elastic Network Interfaces (ENIs), some public IP addresses of Server Load Balancer (SLB) instances, and EIPs of network address translation (NAT) gateways.
- Traffic between VPCs: traffic between VPCs that are connected by using a CEN or Express Connect