Cloud Firewall is an industry-leading cloud security solution that provides firewalls as a service. It manages both north-south and east-west traffic and provides traffic monitoring, precise access control, and real-time intrusion prevention to protect your networks.
Features
The following table describes Cloud Firewall features and the editions that provide these features.
| Scenario | Feature | Description | Supported edition | Reference |
|---|---|---|---|---|
| Access traffic analysis and attack detection of on-cloud networks | Overview | Provides an overview of defense functions that are enabled and disabled, statistics of access traffic in the last seven days, and detected security risks. | All paid editions | Overview |
| Access control | Internet Firewall | Supports two-way access control over the north-south traffic and domain name-based access control to strictly control the traffic of outbound connections. | All paid editions | Outbound and inbound traffic control on the Internet firewall |
| VPC Firewall | Controls traffic between VPCs. | Enterprise Edition and Ultimate Edition | Access control on VPC firewalls | |
| Internal Firewall | Isolates east-west traffic among your ECS instances on an internal network. | All paid editions | Access control on an internal firewall between ECS instances | |
| Real-time monitoring and analysis on network traffic | Outbound Connections | Monitors outbound connections of cloud assets in real time. | All paid editions | Outbound connections |
| Internet Access | Collects and analyzes the statistics of access traffic of on-cloud networks. | All paid editions | Internet access | |
| VPC Access | Monitors the traffic between VPCs in real time, so that you can obtain the VPC traffic data in real time and identify and handle suspicious traffic in a timely manner. | Enterprise Edition and Ultimate Edition | VPC access | |
| Breach Awareness | Provides details about intrusion events that are detected by the intrusion prevention system (IPS) and the solutions to the intrusion events. | All paid editions | Breach awareness | |
| Traffic Blocked by IPS | Provides statistics of access traffic that is blocked by Cloud Firewall. | All paid editions | Traffic blocked by IPS | |
| All Access Activities | Allows you to query traffic that passes through Cloud Firewall and meets specified conditions. | All paid editions | All access activities | |
| Intrusion prevention | Vulnerability Prevention | Detects vulnerabilities that can be exploited by network attacks and provides defense against these vulnerabilities. | All paid editions | Vulnerability prevention |
| Intrusion Prevention |
|
All paid editions | Intrusion prevention policies | |
| Logs | Log Audit | Provides log auditing and behavior backtracking.
|
All paid editions | Log audit |
| Log Analysis | Automatically collects, stores, and analyzes inbound and outbound traffic logs in real time and supports real-time monitoring and alerting based on specified metrics. This ensures timely responses if exceptions occur for critical business. The log can be stored for up to six months. | All paid editions | Activate Log Service | |
| Common network traffic detection tools | Toolbox | Provides functions such as packet capture, policy backup and rollback, and security group configuration check, which helps you fully understand the network traffic that passes through Cloud Firewall. |
|
|
| Business visualization | Visualization of security groups and application groups | Provides information and access relationships of your assets. | All paid editions | |
| Visualization of custom groups | Allows you to create custom groups to build relationships between applications, application groups, and business groups of your cloud assets. | All paid editions | Create application groups and business groups |