Cloud Firewall is an industry-leading cloud security solution that provides firewalls as a service. It manages both north-south and east-west traffic and provides traffic monitoring, precise access control, and real-time intrusion prevention to protect your networks.
Features
The following table describes Cloud Firewall features and the editions that provide these features.
Scenario | Feature | Description | Supported edition | Reference |
---|---|---|---|---|
Access traffic analysis and attack detection of on-cloud networks | Overview | Provides an overview of defense functions that are enabled and disabled, statistics of access traffic in the last seven days, and detected security risks. | All paid editions | Overview |
Access control | Internet Firewall | Supports two-way access control over the north-south traffic and domain name-based access control to strictly control the traffic of outbound connections. | All paid editions | Outbound and inbound traffic control on the Internet firewall |
Access control | VPC Firewall | Controls traffic between VPCs. | Enterprise Edition and Ultimate Edition | Access control on VPC firewalls |
Access control | Internal Firewall | Isolates east-west traffic among your ECS instances on an internal network. | All paid editions | Access control on an internal firewall between ECS instances |
Real-time monitoring and analysis on network traffic | Outbound Connections | Monitors outbound connections of cloud assets in real time. | All paid editions | Outbound connections |
Real-time monitoring and analysis on network traffic | Internet Access | Collects and analyzes the statistics of access traffic of on-cloud networks. | All paid editions | Internet access |
Real-time monitoring and analysis on network traffic | VPC Access | Monitors the traffic between VPCs in real time, so that you can obtain the VPC traffic data in real time and identify and handle suspicious traffic in a timely manner. | Enterprise Edition and Ultimate Edition | VPC access |
Real-time monitoring and analysis on network traffic | Breach Awareness | Provides details about intrusion events that are detected by the intrusion prevention system (IPS) and the solutions to the intrusion events. | All paid editions | Breach awareness |
Real-time monitoring and analysis on network traffic | Traffic Blocked by IPS | Provides statistics of access traffic that is blocked by Cloud Firewall. | All paid editions | Traffic blocked by IPS |
Real-time monitoring and analysis on network traffic | All Access Activities | Allows you to query traffic that passes through Cloud Firewall and meets specified conditions. | All paid editions | All access activities |
Intrusion prevention | Vulnerability Prevention | Detects vulnerabilities that can be exploited by network attacks and provides defense against these vulnerabilities. | All paid editions | Vulnerability prevention |
Intrusion prevention | Intrusion Prevention | | All paid editions | Intrusion prevention policies |
Logs | Log Audit | Provides log auditing and behavior backtracking. | All paid editions | Log audit |
Logs | Log Analysis | Automatically collects, stores, and analyzes inbound and outbound traffic logs in real time and supports real-time monitoring and alerting based on specified metrics. This ensures timely responses if exceptions occur for critical business. The log can be stored for up to six months. | All paid editions | Activate Log Service |
Common network traffic detection tools | Toolbox | Provides functions such as packet capture, policy backup and rollback, and security group configuration check, which helps you fully understand the network traffic that passes through Cloud Firewall. | | |
Business visualization | Visualization of security groups and application groups | Provides information and access relationships of your assets. | All paid editions | |
Business visualization | Visualization of custom groups | Allows you to create custom groups to build relationships between applications, application groups, and business groups of your cloud assets. | All paid editions | Create application groups and business groups |