Cloud Firewall is a cloud security solution that provides firewalls as a service. It manages both north-south and east-west traffic and provides features, such as traffic monitoring, precise access control, and real-time intrusion prevention, to deliver protection at the network boundaries. This topic describes Cloud Firewall features and the editions that support these features.
Cloud Firewall features
The following table describes Cloud Firewall features and the editions that support these features. The specifications of a feature vary based on the editions. For more information, see Billing.
- Cross (×): This feature is not supported.
- Tick (√): This feature is supported.
|Scenario||Feature||Description||Basic Edition||Premium Edition||Enterprise Edition||Ultimate Edition||References|
|Access traffic analysis and attack detection of on-cloud networks||Overview||Provides an overview of defense features that are enabled and disabled and shows statistics on access traffic and detected security risks from the last seven days.||×||√||√||√||Overview|
|Access control||Internet Firewall||Supports two-way access control over north-south traffic and supports domain name-based access control to strictly control the traffic of outbound connections.||×||√||√||√||Access control for outbound and inbound traffic on the Internet firewall|
|VPC Firewall||Controls traffic between virtual private clouds (VPCs).||×||×||√||√||Access control on VPC firewalls|
|Internal Firewall||Controls east-west traffic among your Elastic Compute Service (ECS) instances on an internal network.||×||×||√||√||Access control on an internal firewall between ECS instances|
|Network traffic analysis||Outbound Connections||Monitors outbound connections of cloud assets in real time.||×||√||√||√||Outbound connections|
|Internet Access||Collects and analyzes the statistics on access traffic of on-cloud networks.||×||√||√||√||Internet access|
|VPC Access||Monitors the traffic between VPCs in real time, which allows you to dynamically obtain the VPC traffic data and identify and handle suspicious traffic at the earliest opportunity.||×||×||√||√||VPC access|
|All Access Activities||Allows you to query traffic that passes through Cloud Firewall based on conditions.||×||√||√||√||All access activities|
|Attack prevention||Vulnerability Prevention||Detects vulnerabilities that can be exploited by attacks in real time and defends against these vulnerabilities.||×||√||√||√||Vulnerability prevention|
|Breach Awareness||Provides the details about intrusion events that are detected by the intrusion prevention system (IPS) and the solutions to handle the intrusion events.||×||√||√||√||Breach awareness|
|Intrusion Prevention||Provides the details of protection for traffic between VPCs, inbound Internet traffic, and outbound Internet traffic.||×||√||√||√||Intrusion prevention|
|Prevention Configuration||Provides the built-in threat detection engine that delivers the following capabilities:
|Log management||Log Audit||Provides log audit and behavior backtracking.
|Log Analysis||Automatically collects, stores, and analyzes both inbound and outbound traffic logs in real time and supports real-time monitoring and alerting based on specific metrics. This ensures timely responses if exceptions occur in critical business. The value of a log storage duration ranges from 30 to 365 days.||×||√||√||√||Activate Log Service|
|Common tools for network traffic detection||Toolbox||Allows you to back up and roll back access control policies of the Internet firewall and VPC firewalls.||×||×||√||√||Back up and roll back an access control policy|
|Supports the packet capture feature, which helps you troubleshoot network failures and analyze attacks.||×||×||√||√||Create a packet capture task|
|Allows you to check security group configurations and check whether the requirements of classified protection are met.||√||√||√||√||Check security group rules|
|Business visualization||Custom Groups||Allows you to create custom groups to build relationships between the applications of your cloud assets and application groups or business groups.||×||√||√||√||Create application groups and business groups|
|Centralized account management||Central Account Management||Allows you to add Alibaba Cloud accounts as members, which helps you manage the resources of the accounts in a centralized manner.||×||×||×||√||Use centralized account management|