You can configure access control policies in Cloud Firewall to control the inbound and outbound traffic of your servers. This reduces the likelihood that your assets are intruded upon.

Items in an access control policy

An access control policy determines whether traffic is allowed, denied, or monitored based on the following match items.
  • CIDR block: The policy controls traffic from or to a specific CIDR block.
  • IP address book: The policy controls traffic from or to the CIDR blocks that are grouped in an IP address book.
  • Area: The policy controls traffic from or to specific geographic areas.
  • Domain name: The policy controls traffic based on the domain name for which the traffic is destined.
  • Protocol type: The policy controls traffic based on the protocol that the traffic uses.
  • Port: The policy controls traffic on specific ports.
  • Application type: The policy controls traffic based on the application type identified in the traffic.
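As an added illustration of how these match items combine into a decision (example code written for this page, not Cloud Firewall's own implementation), the following Python evaluates a flow against an ordered policy list. The address book, the sample policies, the "first match in list order decides" priority model and the "book:<name>" spelling are assumptions; area and application type are left out because they need external lookups.

```python
import ipaddress
from collections import namedtuple
from dataclasses import dataclass

# Constructed address book: one name standing for several CIDR blocks.
ADDRESS_BOOKS = {"office-egress": ["203.0.113.0/24", "198.51.100.8/29"]}

# A flow to classify; domain is the destination name if known (e.g. TLS SNI), else None.
Flow = namedtuple("Flow", "src_ip dst_ip dst_port protocol domain", defaults=(None,))

@dataclass
class Policy:
    action: str                 # "allow", "deny" or "monitor"
    src: str = "0.0.0.0/0"      # CIDR block, or "book:<name>" to reference an address book
    dst: str = "0.0.0.0/0"
    ports: tuple = (1, 65535)   # inclusive destination port range
    protocol: str = "ANY"       # "ANY", "TCP", "UDP" or "ICMP"
    domain: str = None          # exact name, or "*.example.com" for that name and its subdomains

def _match_addr(spec, ip):
    cidrs = ADDRESS_BOOKS[spec[5:]] if spec.startswith("book:") else [spec]
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(c, strict=False) for c in cidrs)

def _match_domain(spec, domain):
    if spec is None:                       # policy does not filter on domain
        return True
    if spec.startswith("*."):              # the name itself or any subdomain, never a lookalike suffix
        return domain == spec[2:] or (domain or "").endswith(spec[1:])
    return domain == spec

def matches(p, f):
    return (_match_addr(p.src, f.src_ip) and _match_addr(p.dst, f.dst_ip)
            and p.ports[0] <= f.dst_port <= p.ports[1]
            and p.protocol in ("ANY", f.protocol)
            and _match_domain(p.domain, f.domain))

def evaluate(policies, flow, default="deny"):
    for p in policies:                     # assumption: list order is priority order
        if matches(p, flow):               # first match decides, later policies are ignored
            return p.action
    return default                         # no policy matched: implicit default action

# Constructed outbound policy set: office hosts may reach *.example.com on TCP 443,
# any other outbound TCP 443 is only monitored, everything else hits the default deny.
OUTBOUND = [
    Policy("allow", src="book:office-egress", ports=(443, 443), protocol="TCP", domain="*.example.com"),
    Policy("monitor", ports=(443, 443), protocol="TCP"),
]
```

Running a flow with no domain through OUTBOUND shows why policy order matters: the allow rule cannot match, so the broader monitor rule decides.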

Limits on the number of access control policies in each Cloud Firewall edition

The number of access control policies that you can create varies based on the Cloud Firewall edition. For more information, see Features and billable items of each edition.

Limits on the number of policies that you can create on an internal firewall between ECS instances

By default, you can create up to 100 policy groups and 100 policies in each group. The policies include those synchronized from Elastic Compute Service (ECS) security groups to Cloud Firewall and those created on the Internal Firewall tab of the Cloud Firewall console.
Note: If you require more policies, we recommend that you delete unnecessary policies or submit a ticket for technical support.
