
Cloud Firewall: [Announcement] Update of destination address book types in access control policies

Last Updated: Apr 02, 2024

Dear Alibaba Cloud users,

Starting February 22, 2024, Cloud Firewall updates the Internet Firewall and NAT Firewall features to optimize the destination address book types of access control policies and improve the domain name recognition rate of the Internet firewall and NAT firewalls.

Time

Starting February 22, 2024.

Impacts

After the update, if you use threat intelligence address books or cloud service address books when you create or modify access control policies, the protocols and applications specified in specific policies may change. If your access control policies are created by calling API operations, modify the policies at the earliest opportunity.

Involved access control policy types, with the settings available before and after the update:

Involved access control policy type: Access control policy of the Internet firewall that is created or modified based on a threat intelligence address book of the IP address type

Before: You can set the Protocol Type and Application parameters only to ANY.

After: No impact.

Involved access control policy type: Access control policy of the Internet firewall that is created based on a threat intelligence address book of the domain name type

Before: You can set the Protocol Type and Application parameters only to ANY.

After: You can set the Protocol Type parameter only to TCP, and the Application parameter to HTTP, HTTPS, SMTP, SMTPS, or SSL.

Involved access control policy type: Access control policy of the Internet firewall that is modified based on a threat intelligence address book of the domain name type

Before: You can set the Protocol Type and Application parameters only to ANY.

After: You can set the Protocol Type parameter to TCP or ANY.

  • If you set the Protocol Type parameter to TCP, you can set the Application parameter to HTTP, HTTPS, SMTP, SMTPS, or SSL.

  • If you set the Protocol Type parameter to ANY, you can set the Application parameter only to ANY.

Involved access control policy type: Access control policy of the Internet firewall that is created based on a cloud service address book

Before: You can set the Protocol Type parameter to TCP, UDP, ICMP, or ANY, and the Application parameter to all values.

After:

  • If you use an address book of the IP address type, you can set the Protocol Type and Application parameters only to ANY.

  • If you use an address book of the domain name type, you can set the Protocol Type parameter only to TCP, and the Application parameter to HTTP, HTTPS, SMTP, SMTPS, or SSL.

Involved access control policy type: Access control policy of the Internet firewall that is modified based on a cloud service address book

Before: You can set the Protocol Type parameter to TCP, UDP, ICMP, or ANY, and the Application parameter to all values.

After:

  • If you use an address book of the IP address type, you can set the Protocol Type and Application parameters only to ANY.

  • If you use an address book of the domain name type, you can set the Protocol Type parameter to TCP or ANY.

    • If you set the Protocol Type parameter to TCP, you can set the Application parameter to HTTP, HTTPS, SMTP, SMTPS, or SSL.

    • If you set the Protocol Type parameter to ANY, you can set the Application parameter only to ANY.

Involved access control policy type: Access control policy that is created for a NAT firewall based on a threat intelligence address book

Before: Not supported.

After:

  • If you use an address book of the IP address type, you can set the Protocol Type and Application parameters only to ANY.

  • If you use an address book of the domain name type, you can set the Protocol Type parameter only to TCP, and the Application parameter to HTTP, HTTPS, SMTP, SMTPS, or SSL.
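For policies that are managed through API calls or templates, the post-update rules above can be checked before the policies are submitted. The following is an added example, not Alibaba Cloud code: the field names (firewall, book_kind, book_type, proto, app) and the sample policies are constructed for illustration and are not Cloud Firewall API parameters.

```python
# Added example. Field names and SAMPLE policies are constructed for illustration;
# they are not Cloud Firewall API parameters.
DOMAIN_APPS = {"HTTP", "HTTPS", "SMTP", "SMTPS", "SSL"}

# (firewall, address book kind) -> operations the announcement gives rules for
COVERED = {
    ("internet", "threat_intel"): {"create", "modify"},
    ("internet", "cloud_service"): {"create", "modify"},
    ("nat", "threat_intel"): {"create"},
}

def check(policy, operation):
    """Return None if the policy fits the post-update rules, else a reason."""
    key = (policy["firewall"], policy["book_kind"])
    if operation not in COVERED.get(key, set()):
        return "no rule in the announcement, review manually"
    proto, app = policy["proto"].upper(), policy["app"].upper()
    any_any = (proto, app) == ("ANY", "ANY")
    if policy["book_type"] == "ip":
        return None if any_any else "IP address type requires ANY/ANY"
    if policy["book_type"] != "domain":
        return "unknown address book type"
    if proto == "TCP" and app in DOMAIN_APPS:
        return None
    # ANY/ANY remains valid only when an existing Internet firewall policy is modified
    if operation == "modify" and any_any:
        return None
    return "domain name type requires TCP with HTTP, HTTPS, SMTP, SMTPS, or SSL"

def audit(policies, operation):
    """Map policy name -> reason for every policy that needs attention."""
    findings = {}
    for p in policies:
        reason = check(p, operation)
        if reason:
            findings[p["name"]] = reason
    return findings

SAMPLE = [  # constructed policies
    {"name": "block-ti-domains", "firewall": "internet", "book_kind": "threat_intel", "book_type": "domain", "proto": "ANY", "app": "ANY"},
    {"name": "allow-cloud-svc-udp", "firewall": "internet", "book_kind": "cloud_service", "book_type": "ip", "proto": "UDP", "app": "ANY"},
    {"name": "allow-cloud-svc-https", "firewall": "internet", "book_kind": "cloud_service", "book_type": "domain", "proto": "TCP", "app": "HTTPS"},
    {"name": "nat-ti-ip", "firewall": "nat", "book_kind": "threat_intel", "book_type": "ip", "proto": "ANY", "app": "ANY"},
]

if __name__ == "__main__":
    for op in ("create", "modify"):
        print(op, audit(SAMPLE, op))
```

Run with "create" to see which definitions would no longer be accepted as new policies, and with "modify" to see which existing ones need their Protocol Type or Application changed on the next edit.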

If you have questions, submit a ticket.