
Cloud Firewall:Features supported by each Cloud Firewall edition

Last Updated:Jun 10, 2025

Before purchasing Cloud Firewall, select an appropriate edition based on your business requirements, feature differences between editions, and costs. Understanding the features of each edition will help you make an informed decision.

Feature list

The following table describes the features supported by different Cloud Firewall editions.

Note
  • ✗: indicates that the feature is not supported.

  • ✓: indicates that the feature is supported.

| Feature name | Function overview | Free Edition | Pay-as-you-go Edition | Pro Edition | Enterprise Edition | Ultimate Edition | References |
|---|---|---|---|---|---|---|---|
| Overview | Provides an overview of Cloud Firewall's defense capabilities, displaying statistics on protected assets, traffic statistics for the last 7 days, and statistics on prevented security risks. | ✗ | ✓ | ✓ | ✓ | ✓ | Data overview |
| Overview | Displays a visual traffic topology of cloud assets protected by Cloud Firewall. | ✗ | ✗ | ✗ | ✓ | ✓ | Traffic topology |
| Firewall switch | Internet firewall: protects inbound and outbound traffic between the Internet and public IP assets (including IPv4 and IPv6). | ✗ | ✓ | ✓ | ✓ | ✓ | Internet firewall |
| Firewall switch | NAT firewall: protects traffic from private IP assets that access the Internet through NAT Gateway. | ✗ | ✓ | ✓ | ✓ | ✓ | NAT firewall |
| Firewall switch | VPC firewall: protects traffic between virtual private clouds (VPCs) and traffic between a VPC and a data center. | ✗ | ✓ | ✗ | ✓ | ✓ | VPC firewall |
| Traffic analysis | Outbound connection monitoring: monitors outbound connections from public and private cloud assets to the Internet in real time, and detects unusual traffic promptly. | ✗ | ✓ | ✓ | ✓ | ✓ | Outbound connection activities |
| Traffic analysis | Internet exposure: detects in real time the IP addresses, ports, and applications of cloud assets protected by Cloud Firewall that are exposed to the Internet, and provides visual analytics reports. | ✗ | ✓ | ✓ | ✓ | ✓ | Internet exposure |
| Traffic analysis | VPC access: monitors traffic between interconnected VPCs in real time, so that you can obtain VPC network traffic data as it happens and detect and troubleshoot unusual traffic promptly. | ✗ | ✓ | ✗ | ✓ | ✓ | VPC access |
| Attack prevention | Intrusion prevention: actively detects and blocks malicious attacks, exploit attempts, brute-force attacks, worms, mining programs, backdoors, DoS attacks, and other malicious traffic in real time to protect cloud-based enterprise information systems and network architectures. | ✗ | ✓ | ✓ | ✓ | ✓ | Intrusion prevention |
| Attack prevention | Vulnerability protection: automatically synchronizes vulnerabilities detected by Security Center in public-facing assets connected to Cloud Firewall, and provides protection against these vulnerabilities, creating a closed loop of vulnerability detection and protection. | ✗ | ✓ | ✓ | ✓ | ✓ | Vulnerability protection |
| Attack prevention | Breach awareness: helps you detect server intrusion events to prevent significant business losses. | ✗ | ✓ | ✓ | ✓ | ✓ | Breach awareness |
| Attack prevention | Data breach: helps you promptly detect sensitive data leaks and risky payloads during outbound connections from cloud assets, preventing business losses. | ✗ | ✓ | ✓ | ✓ | ✓ | Data breach |
| Attack prevention | IPS configuration: provides the built-in threat detection engine and allows you to configure prevention rules, so that intrusions are detected and blocked more accurately. The engine's operating principles are listed under "Threat engine operating principles" after this table. | ✗ | ✓ | ✓ | ✓ | ✓ | IPS configuration |
| Access control | Internet border: supports Layer 4-7 access control for inbound and outbound traffic of public IP assets (north-south traffic), effectively preventing external malicious attacks and strictly controlling outbound traffic to prevent untrusted external connections. | ✗ | ✓ | ✓ | ✓ | ✓ | Configure Internet firewall access control policies |
| Access control | NAT border: supports Layer 4-7 access control (north-south traffic) for private IP addresses that access the Internet through NAT, effectively blocking unauthorized access from internal networks to the Internet. | ✗ | ✓ | ✓ | ✓ | ✓ | Configure NAT firewall access control policies |
| Access control | VPC border: supports access control for traffic between different VPCs, and between VPCs and data centers or third-party clouds (east-west traffic), blocking unauthorized internal traffic while allowing trusted traffic. | ✗ | ✓ | ✗ | ✓ | ✓ | Configure VPC firewall access control policies |
| Access control | Internal firewall: supports access control for inbound and outbound traffic between ECS instances, limiting unauthorized access between ECS instances. | ✗ | ✗ | ✗ | ✓ | ✓ | Internal firewall |
| Access control | Security group check: detects high-risk rules in ECS server security groups and provides remediation suggestions, helping you use security groups more securely and efficiently. | ✓ | ✓ | ✓ | ✓ | ✓ | Security group check |
| Access control | Address book management: supports custom address books, cloud service address books, and threat intelligence address books. You can add multiple IP addresses, ports, or domain names to an address book, reference it in access control policies with one click, and have it updated automatically, improving access control policy efficiency. | ✗ | ✓ | ✓ | ✓ | ✓ | Address book management |
| Synchronization nodes | ACK cluster synchronization node: designed for ACK container environments, dynamically collects pod IP addresses and updates them in address books. This solves the access control challenges caused by frequent IP changes, significantly reduces manual configuration work, and improves security and management efficiency. | (not captured) | (not captured) | (not captured) | (not captured) | (not captured) | ACK cluster |
| Synchronization nodes | Private DNS synchronization node: suited to enterprises that use Private Zone or self-built DNS servers with internal domain name resolution records for PaaS or host service applications. Through this node, Cloud Firewall automatically obtains the corresponding domain-name-to-IP mappings and uses them in domain name access control policies. | ✗ | ✗ | ✗ | ✓ | ✓ | Private DNS |
| Log monitoring | Log audit: provides 7-day log audit by default, facilitating event tracing and troubleshooting. The log types that can be audited are listed under "Supported log types for audit" after this table. | ✗ | ✓ | ✓ | ✓ | ✓ | Log audit |
| Log monitoring | Log analysis: automatically collects, stores, and performs advanced analysis on all traffic logs connected to Cloud Firewall in real time. Storage duration can be customized from 7 to 730 days, and delivery switches can be customized. Supports customized real-time monitoring and alerting based on specific metrics to ensure a timely response when critical business anomalies occur. | ✗ | ✓ | ✓ | ✓ | ✓ | Log analysis |
| Business visualization | Allows you to create custom groups to build relationships between the applications of your cloud assets and application groups or business groups. Provides information about your cloud assets and their access relationships. | ✗ | ✗ | ✗ | ✓ | ✓ | Custom grouping; Security group visualization; Application group visualization |
| Multi-account centralized management | Supports centralized management of multiple accounts. You can share resources and protect access across multiple accounts. | ✗ | ✓ | ✓ | ✓ | ✓ | Multi-account centralized management |
| Alert notification | Notifies you of exceptions that are detected by Cloud Firewall by text message or email at the earliest opportunity. The exceptions include unusual traffic, compromised hosts, suspicious outbound connections, vulnerabilities, unprotected public IP addresses, and disabled intrusion prevention. Note: Cloud Firewall Free Edition supports only the Weekly Report notification item. | ✓ | ✓ | ✓ | ✓ | ✓ | Alert notification |

Threat engine operating principles

  • Basic protection

    Built-in intrusion prevention rules accumulated from Alibaba Cloud security attack and defense practices accurately block malicious port scanning, database attacks, reverse shells, arbitrary code execution, exploits, and other common network attacks in the cloud, reducing the risk of server intrusion.

  • Virtual patching

    Supports virtual patching for precise protection against popular vulnerabilities and high-risk 0-day and N-day vulnerabilities without installing patches on business systems, providing timely defense against exploit attacks.

  • Threat intelligence

    Built-in threat intelligence database of malicious IPs and domain names from Alibaba Cloud's global network (such as malicious access sources, scanning sources, and command and control servers), providing preemptive defense against unknown threats and intrusions, blocking attack behaviors, and preventing large-scale intrusions.

  • Intelligent defense

    Identifies unknown attacks based on AI technologies and a large amount of data about attacks and attack characteristics. The feature also improves detection of more sophisticated attacks.

  • Protection whitelist

    Allows you to configure whitelists to allow normal traffic that may have attack characteristics. This ensures that your business can run as expected.

Supported log types for audit

  • Event log: records the data of events on traffic that passes through Cloud Firewall and hits access control policies. You can view the following information in an event log: the time when an event occurred, threat type, source IP address, destination IP address, application type, and severity.

  • Traffic log: records the data of traffic that passes through Cloud Firewall. You can analyze the traffic and its source by using the log analysis feature when an event occurs, and check whether a configured access control policy takes effect.

  • Operation log: records all configurations of Cloud Firewall and the operations that are performed on Cloud Firewall, such as enabling or disabling a firewall and modifying intrusion prevention configurations.

References

  • For more information about Cloud Firewall features, see Pre-sales FAQ.

  • For information about the billing method of Cloud Firewall subscription editions (Pro, Enterprise, and Ultimate), see Subscription.

  • For information about the billing method of Cloud Firewall Pay-as-you-go Edition, see Pay-as-you-go.

  • For information about how to purchase Cloud Firewall, see Purchase Cloud Firewall.