The Internet Firewall feature allows you to detect traffic between the Internet and public IP addresses in Alibaba Cloud. After Cloud Firewall is activated, you can enable or disable this feature for specific public IP addresses under your Alibaba Cloud account. After you enable Internet Firewall for your IP address, you can use Cloud Firewall to analyze and control the traffic between the Internet and on-cloud hosts.
All the protection capabilities of Cloud Firewall are achieved after Cloud Firewall is activated. Cloud Firewall detects and analyzes traffic from public IP addresses only after Internet Firewall is enabled.
After you enable Internet Firewall, the traffic passes through the Cloud Firewall. The default access control policy is set to allow, so no impact is caused on your business. If you need to control specific traffic, you must configure access control policies after you enable Internet Firewall. For more information, see Outbound and inbound traffic control on the Internet firewall.
- Log on to the Cloud Firewall console.
- In the left-side navigation pane, click Firewall Settings.
- On the Internet Firewall tab, enable or disable Internet Firewall for specific public IP addresses.You can enable or disable this feature for individual public IP addresses, or for all public IP addresses under the current Alibaba Cloud account with one click.Note By default, Internet Firewall is disabled for all IP addresses after Cloud Firewall is activated. We recommend that you enable this feature for all IP addresses. After it is enabled, traffic passes through the Internet firewall. However, the default action of access control policies is Allow, so your business is not affected.You can perform the following operations on the Internet Firewall tab to enable or disable Internet Firewall.
- To enable or disable Internet Firewall for all public IP addresses, perform the following
- In the Public IP section, click Batch.
- In the Batch dialog box, click Enable or Disable.
You can also select Enable Protection next to New Assets and click Enable. Then, Internet Firewall is enabled for public IP addresses that are newly added under the current Alibaba Cloud account by default.
- To enable or disable Internet Firewall for one or more public IP addresses, perform
the following steps:
- In the IP address list at the lower section of the page, find the public IP addresses
for which you want to enable or disable Internet Firewall.
You can filter the IP addresses based on Asset Type, Region, and Firewall Status. Alternatively, you can search for IP addresses by using Instance ID/IP.
- Select the IP addresses and click Enable Firewall or Disable Firewall at the lower section of the page. Alternatively, find the IP address and click Enable Firewall or Disable Firewall in the Actions column.Due to network limits, Internet Firewall cannot be enabled for some public IP addresses of SLB instances. For such IP addresses, the Enable Firewall button is dimmed. When you move your pointer over this button, the message "You cannot enable Cloud Firewall for this IP address because the network where the SLB instance is located does not support Cloud Firewall." appears. We recommend that you use another security service, such as Web Application Firewall, to protect these public IP addresses.
- In the IP address list at the lower section of the page, find the public IP addresses for which you want to enable or disable Internet Firewall.
- To enable or disable Internet Firewall for all public IP addresses, perform the following operations: