How to choose the appropriate Cloud Firewall edition

Cloud Firewall is available in the Advanced Edition, Enterprise Edition, and Flagship Edition. The features and the asset and bandwidth scaling specifications vary by edition. For more information, see Features.

Configure access policies for out-in traffic

In access policies for out-in traffic, do not allow access to all ports from public IP addresses. Open only necessary Internet IP addresses and ports. Block access to all the other ports.

  1. Allow access traffic to necessary applications or ports.

    On the Access Control page, click the Out-In Traffic tab. Add an access policy. Set the source to 0.0.0.0/0, the default address book ANY (0.0.0.0/0), or a specific IP address. Set the destination to the IP address that needs to be accessed. Set the protocol to ANY or a specific protocol based on business requirements. Set the action to Allow.

    Example:

    Port 80 is a Web service port that needs to be opened to all public IP addresses. Therefore, set the source to 0.0.0.0/0 for port 80. Ports 1433 and 3389 are SQL Server and RDP service ports, respectively. They are opened only to specific sources. Therefore, set the source to the specific sources for ports 1433 and 3389 respectively.

  2. Block all the other out-in traffic.

    On the Access Control page, click the Out-In Traffic tab. Add an access policy. Set the source to 0.0.0.0/0 or the default address book ANY (0.0.0.0/0). Set both the destination and protocol to ANY. Set the action to Block.
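The allow-then-block layout from steps 1 and 2 can be checked offline before it is entered in the console. The following is an added example, not Cloud Firewall code or output: the policy table format, the function names, and the source addresses (documentation ranges) are constructed, and policies are assumed to be evaluated in list order with the first match deciding.

```python
import ipaddress

# Constructed policy table modelled on the example above; the dict layout and
# the source addresses (RFC 5737 documentation ranges) are assumptions.
POLICIES = [
    {"src": "0.0.0.0/0",       "port": 80,    "action": "allow"},
    {"src": "203.0.113.10/32", "port": 1433,  "action": "allow"},
    {"src": "198.51.100.0/24", "port": 3389,  "action": "allow"},
    {"src": "0.0.0.0/0",       "port": "ANY", "action": "block"},
]

def is_any(policy):
    """True when the policy covers every source and every port."""
    return policy["src"] == "0.0.0.0/0" and policy["port"] == "ANY"

def decide(policies, src_ip, port):
    """Return the action of the first policy matching (src_ip, port).

    Assumes first-match evaluation in list order. Returns 'no-match' when
    nothing applies; what the firewall does then is not modelled here.
    """
    ip = ipaddress.ip_address(src_ip)
    for p in policies:
        if ip in ipaddress.ip_network(p["src"]) and p["port"] in ("ANY", port):
            return p["action"]
    return "no-match"

def audit(policies):
    """List deviations from the allow-necessary-then-block-all layout."""
    findings = []
    last = len(policies) - 1
    for i, p in enumerate(policies):
        if p["action"] == "allow" and is_any(p):
            findings.append(f"policy {i}: allows all ports from any source")
        if p["action"] == "block" and is_any(p) and i != last:
            findings.append(f"policy {i}: block-all shadows later policies")
    if not policies or not (policies[-1]["action"] == "block" and is_any(policies[-1])):
        findings.append("no final block-all policy")
    return findings

if __name__ == "__main__":
    for src, port in [("192.0.2.7", 80), ("192.0.2.7", 3389), ("198.51.100.20", 3389)]:
        print(src, port, decide(POLICIES, src, port))
    print(audit(POLICIES) or "layout OK")
```

The same audit applies to in-out policies if the `src` field is read as the internal source and the table lists the permitted outbound destinations instead.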

Configure access policies for in-out traffic

We recommend that you do not allow all in-out traffic. Instead, allow only outbound access traffic to necessary public IP addresses or domain names, and block all the other in-out traffic.

  1. Allow outbound access traffic from necessary applications or ports.

    On the Access Control page, click the In-Out Traffic tab. Add an access policy. Set the source to 0.0.0.0/0, the default address book ANY (0.0.0.0/0), or a specific IP address. Set the destination to the domain name or IP address that needs to be accessed. Set the protocol to ANY or a specific protocol based on business requirements. Set the action to Allow.

  2. Block all the other in-out traffic.

    On the Access Control page, click the In-Out Traffic tab. Add an access policy. Set the source to 0.0.0.0/0 or the default address book ANY (0.0.0.0/0). Set both the destination and protocol to ANY. Set the action to Block.

Enable Cloud Firewall protection and the interception mode for intrusion prevention

After subscribing to the Cloud Firewall service, you can click Protect All on the Firewall Switch page and click Interception Mode on the Intrusion Prevention page. In this way, you can fully protect the security of your assets.