All Products
Search
Document Center

Cloud Config:cfw-ips-patchrules-on

Last Updated:Jun 17, 2026

Checks whether virtual patching is enabled for the intrusion prevention system (IPS) of Cloud Firewall. If virtual patching is enabled, the evaluation result is Compliant.

Scenarios

If system vulnerabilities cannot be patched promptly, you can enable virtual patching for the IPS of Cloud Firewall to block attacks that exploit known vulnerabilities and protect your business systems from being compromised.

Risk level

Default risk level: medium.

When you apply this rule, you can change the risk level based on your business requirements.

Compliance evaluation logic

If virtual patching is enabled for the IPS of Cloud Firewall, the evaluation result is Compliant. With virtual patching enabled, Cloud Firewall provides real-time protection against common high-risk and urgent vulnerabilities that can be remotely exploited, by applying hot patches at the network layer. This intercepts vulnerability exploits in real time and prevents business interruption while vulnerabilities are being fixed. If Cloud Firewall is in use but virtual patching is disabled, the evaluation result is Non-compliant.

Rule details

Parameter

Description

Rule template name

cfw-ips-patchrules-on

Rule template identifier

cfw-ips-patchrules-on

Automatic remediation

ACS-Cloudfw-ModifyIPSConfig supported

Trigger type

Periodic: Every 24 hours

Supported resource type

ACS::::Account

Input parameter

None

Non-compliance remediation

For more information, see IPS configuration.