Cloud Firewall supports centralized management of north-south and east-west traffic, and provides features including real-time traffic monitoring, precise access control, real-time intrusion prevention, and traffic logs to comprehensively protect your network.

Cloud Firewall supports the following features:
  • Real-time traffic monitoring:
    • Monitors external connection activities.
    • Analyzes the access traffic from the Internet to your ECS instances.
    • Analyzes the access traffic between ECS instances in your intranet.
    • Gives you full visibility of your assets and access relationships between assets, helping you detect abnormal traffic in a timely manner.
  • Precise access control:
    • Controls the access traffic from the Internet to your ECS instances (north-south traffic).
    • Provides micro-isolation for the access traffic between ECS instances (east-west traffic) on your intranet.
    • Controls inbound and outbound traffic.
    • Performs domain name-based access control to strictly control the external connection traffic.
    • Analyzes external connection activities to help you detect abnormal activities on ECS instances.
  • Real-time intrusion prevention:
    • Intelligently detects and blocks intrusions in real time. Analyzes the network access traffic blocked by Cloud Firewall and IPS.
    • Synchronizes malicious IP addresses (for example, those of malicious visitors, scanners, and command-and-control servers) detected on the entire Alibaba Cloud network to Cloud Firewall to defend against threats and intrusions in advance.
    • Includes built-in intrusion prevention rules derived from long-term attack and defense practices on cloud platforms, featuring a high threat recognition rate and a low false alarm rate.
    • Supports virtual patches in place of patch installation on business systems, and precisely protects against exploitation of popular vulnerabilities and of high-risk 0-day and N-day vulnerabilities.
  • Behavior backtracking:
    • Provides event logs to show real-time threats or intrusions detected and blocked by IPS.
    • Provides traffic logs to show all the traffic that passes through Cloud Firewall. When a threat event occurs, you can view traffic logs to analyze the traffic, identify the visitors, and check whether the configured access control policies have taken effect.
    • Provides system operation logs to show all the configuration and operation records in Cloud Firewall.
    • Stores logs for a maximum of six months, which complies with network security regulations and classified protection requirements.