Network flow analysis provides you with full visibility of flows across the entire network. You can view real-time activities in your assets, including threat events, network activities, traffic trends, access traffic blocked by IPS, and external connection activities.
External Connections
The External Connections page displays the details on your assets' external connections, including the connected domain names, external IP addresses, the applied protocols and your assets' info. This helps you identify the suspicious assets activities in a timely manner.
Procedure
- Log on to the Cloud Firewall console.
- In the left-side navigation pane, go to You can perform the follows operations on External Connections page:
- Monitor the summaries on external connection data, including the amounts of external
domains, external IP addresses, assets request for external connections and the relevant
protocols.
- Monitor the outbound traffic analysis, including the average traffic and peak traffic.
- Monitor the Top 10/20/50 traffic of external connections, with the relevant IP address,
request/response rate, and logs recorded by Cloud Firewall.
- Monitor the protocol analysis for external connections, including the information
on applications, ports and corresponding connection numbers.
- View the protocol details, and follow or ignore the specified protocols.
- View the protocol details, and follow or ignore the specified protocols.
to check your assets' external connection activities.
- Monitor the summaries on external connection data, including the amounts of external
domains, external IP addresses, assets request for external connections and the relevant
protocols.
Internet Access

VPC Access

IPS Analysis

Procedure
- Log on to the Cloud Firewall console.
- In the left-side navigation pane, go to .
- In the Direction area, click Inbound or Outbound to view the corresponding blocked inbound or outbound traffic.
- Select Time by one hour, one day, last seven days, one month, or a custom time range to display
the required blocking traffic.
You could monitor the following information on the blocked traffic:
- the most blocked source locations
- blocked destination IP addresses
- blocked applications
- IPS settings
- blocked event list
In the blocked event list, specify the blocking source, direction, defense status, detection time, or source IP address to search for blocking events and to view details.
All Access Activities

Procedure
- Log on to the Cloud Firewall console.
- In the left-side navigation pane, go to You can view the historical trends for all the access activities in the last 15 minutes, 1 hour, 4 hours, 1 day, 7 days, or a custom time range.Note You can specify any time range without limitations.Select a search condition from the Condition drop-down list and enter or select the condition details. Click Search to query the historical traffic trend based on the selected condition.
In the Rankings of Visits by Traffic area, view the top 10 source regions and application types with the most requested inbound/outbound traffic and top N session addresses. You can also view the percentage of each source location, application protocol, or session address.
.