Cloud Firewall is an industry-leading cloud security solution that provides firewalls as a service. It manages both north-south and east-west traffic and provides traffic monitoring, precise access control, and real-time intrusion prevention to protect your networks.
The following table describes Cloud Firewall features and the editions that provide these features.
| Category | Feature | Description | Supported editions | References |
|---|---|---|---|---|
| Access traffic analysis and attack detection of on-cloud networks | Overview | Provides an overview of defense functions that are enabled and disabled, statistics of access traffic in the last seven days, and detected security risks. | All paid editions | Overview |
| Access control | Internet Firewall | Supports two-way access control over the north-south traffic and domain name-based access control to strictly control the traffic of outbound connections. | All paid editions | Outbound and inbound traffic control on the Internet firewall |
| | VPC Firewall | Controls traffic between VPCs. | Enterprise Edition and Ultimate Edition | Access control on VPC firewalls |
| | Internal Firewall | Isolates east-west traffic among your ECS instances on an internal network. | All paid editions | Access control on an internal firewall between ECS instances |
| Real-time monitoring and analysis on network traffic | Outbound Connections | Monitors outbound connections of cloud assets in real time. | All paid editions | Outbound connections |
| | Internet Access | Collects and analyzes the statistics of access traffic of on-cloud networks. | All paid editions | Internet access |
| | VPC Access | Monitors the traffic between VPCs in real time, so that you can obtain the VPC traffic data in real time and identify and handle suspicious traffic in a timely manner. | Enterprise Edition and Ultimate Edition | VPC access |
| | Breach Awareness | Provides details about intrusion events that are detected by the intrusion prevention system (IPS) and the solutions to the intrusion events. | All paid editions | Breach awareness |
| | Traffic Blocked by IPS | Provides statistics of access traffic that is blocked by Cloud Firewall. | All paid editions | Traffic blocked by IPS |
| | All Access Activities | Allows you to query traffic that passes through Cloud Firewall and meets specified conditions. | All paid editions | All access activities |
| Intrusion prevention | Vulnerability Prevention | Detects vulnerabilities that can be exploited by network attacks and provides defense against these vulnerabilities. | All paid editions | Vulnerability prevention |
| | | | All paid editions | Intrusion prevention policies |
| Logs | Log Audit | Provides log auditing and behavior backtracking. | All paid editions | Log audit |
| | Log Analysis | Automatically collects, stores, and analyzes inbound and outbound traffic logs in real time and supports real-time monitoring and alerting based on specified metrics. This ensures timely responses if exceptions occur for critical business. The log can be stored for up to six months. | All paid editions | Activate Log Service |
| Common network traffic detection tools | Toolbox | Provides functions such as packet capture, policy backup and rollback, and security group configuration check, which helps you fully understand the network traffic that passes through Cloud Firewall. | | |
| Business visualization | Visualization of security groups and application groups | Provides information and access relationships of your assets. | All paid editions | |
| | Visualization of custom groups | Allows you to create custom groups to build relationships between applications, application groups, and business groups of your cloud assets. | All paid editions | Create application groups and business groups |