The Internet Exposure page shows inbound traffic from the Internet to your cloud assets, including trace information about unusual inbound traffic and the count of open public IP addresses, open ports, open applications, and public IP addresses of cloud services. Use this page to spot suspicious exposure patterns and take action before they become incidents.
Prerequisites
Before you begin, ensure that you have:
The Internet firewall enabled. For more information, see Internet firewall
How it works
The Internet Exposure page has two main views:
| View | What it covers | Lookback window |
|---|---|---|
| Visualized Analysis | Real-time traffic charts across all public IP addresses | Up to 30 days |
| Exposure Details | Breakdown of open public IP addresses, open ports, open applications, and assets; exportable as CSV | Up to 7 days |
Visualized Analysis
The Visualized Analysis tab shows peak inbound traffic across all your public IP addresses and highlights which sources and destinations generate the most activity.
Log on to the Cloud Firewall console. In the left-side navigation pane, choose Traffic Analysis > Internet Exposure.
Select a time range from the drop-down list in the upper-right corner, then click the Visualized Analysis tab. The time range can be a preset period or a custom range within the previous 30 days.
Review the sections described in the following table.
| Section | What it shows | What to look for |
|---|---|---|
| IP Traffic | Total peak inbound traffic per public IP address, with IP address type. | IPs with unexpectedly high peak traffic may indicate scanning activity or data exfiltration attempts. Click  to see the traffic trend for a specific IP. Click  to view traffic logs in Log Audit. Click  to check outbound connections for the same IP. |
| Inbound Traffic Trend | Peak request and response traffic across all assets in real time. | Sudden spikes in request traffic without a corresponding response increase may signal volumetric attacks. Move the pointer over the chart to see traffic at a specific point in time. Click a point on the x-axis to refresh the IP Traffic rankings for that moment. |
| Rankings of Visits by Traffic | Top 10 source locations, top 10 IP address ranges by session percentage, top 10 source IP addresses, and statistics on at-risk ports. | High-volume source IP addresses or unusual geographic origins warrant further investigation. A large share of sessions from a single IP address range can indicate automated or coordinated access. |
View Internet exposure statistics
The Data Statistics section and Exposure Details tab display statistics of usual and unusual inbound traffic for your assets. Use this view to troubleshoot unusual traffic and prioritize which assets to investigate or restrict.
Log on to the Cloud Firewall console. In the left-side navigation pane, choose Traffic Analysis > Internet Exposure.
Select a time range from the drop-down list in the upper-right corner. The time range can be a preset period or a custom range within the previous 7 days.
Review the statistics in the Data Statistics section and on the Exposure Details tab.
| Parameter | What it shows | Actions |
|---|---|---|
| Open Public IP Addresses | Total open public IP addresses and how many are flagged as at-risk. | On the Open Public IP Addresses tab, click View Details in the Actions column to see access details for a specific IP address. From there, you can also: click Configure Access Control Policy to go to Access Control > Internet Border and create an inbound or outbound policy; click Add to Address Book to add the IP to an address book for centralized management; click  > View Logs to open the Traffic Logs tab in Log Audit. |
| Open Ports | Total open ports and how many are flagged as at-risk. | On the Open Ports tab, click View Details in the Actions column to see access details for a specific port. |
| Open Applications | Total open applications and how many are flagged as at-risk. | On the Open Applications tab, click View Details in the Actions column to see access details for a specific application. |
| Details | Traffic statistics across all assets. | On the Details tab, click View Details in the Actions column to see access details for a specific asset. |
| Cloud Services | Number of public IP addresses receiving inbound traffic that accesses cloud services. | None. |
Export Internet exposure statistics
Click the 
icon in the upper-right corner of the Exposure Details tab to export data for open public IP addresses, open ports, open applications, assets, and cloud services as a CSV file.
What's next
Create access control policies for the Internet firewall to restrict traffic from at-risk IP addresses or ports.
Manage address books to group IP addresses for easier policy management.
Log audit to review detailed traffic logs.
Outbound Connection to analyze outbound traffic patterns for assets flagged in Internet Exposure.
Identify unusual traffic at the Internet border for a walkthrough of a traffic investigation.
References
Subscription and Pay-as-you-go for information about the protected Internet traffic bandwidth included in each billing model.
What do I do if the volume of my business traffic exceeds the purchased bandwidth of Cloud Firewall?