Cloud Firewall: View traffic data for assets that access the internet

Last Updated: Jun 20, 2026

Use Outbound Connection reports to view how your assets access the internet. These reports help you trace abnormal outbound traffic, identify internet destination addresses, and monitor connections from public and private assets. This allows you to investigate suspicious assets and secure your services.

Prerequisites

The Internet firewall is enabled. For more information, see Internet firewall.

Visualized analysis

The Traffic Analytics tab displays the peak total traffic for all your private and public IP addresses, an overall traffic trend chart, and top outbound traffic statistics. This helps you monitor the details of your assets' outbound traffic in real time.

  1. Log on to the Cloud Firewall console. In the left-side navigation pane, choose Analysis > Outbound Connections.

  2. In the upper-right corner of the Outbound Connections page, select a time range and click Traffic Analytics.

  3. On the Traffic Analytics tab, view the following information:

    IP Traffic

      Description:

      • Public IP Address (traffic redirected by the Internet firewall): Displays the peak total response traffic for all public IP addresses, such as the public IP addresses of ECS instances or the EIPs of NAT Gateways, within the specified time range. The results are sorted by response traffic in descending order.

      • Private IP address (traffic redirected by the NAT firewall): Displays the peak total response traffic for the private IP addresses of all ECS instances within the specified time range. The results are sorted by response traffic in descending order. The instance's virtual private cloud (VPC) must be associated with a NAT Gateway.

      Actions:

      • Use the search tool in the IP traffic table to select a public or private IP address and view its IP type and peak total traffic.

      • Click Public IP Address or Private IP Address. All charts on the Visualized Analysis tab, including the IP Traffic Trend, Top IP Traffic, and Top 10 Outbound Traffic charts, are updated to display data for the selected asset type.

      • In the Actions column:

        • View Logs: Opens the Log Audit page to display traffic logs for the IP address.

        • View Outbound Details: Opens the Outbound Traffic tab to display outbound connection details for the IP address.

        • View Trends: Displays the peak traffic and trend for the IP address in the IP traffic chart.

      • Export traffic data: Click the image icon to export traffic data for public and private IP addresses.

    Traffic Trend Chart

      Description: Displays the real-time trend of peak total request and response traffic for all or specified network assets.

      Actions: Hover over any point on the trend chart to view the peak request and response traffic at that moment.

    Top Traffic Consumers

      Description: Displays statistics for the top 10 destination regions, destination carriers, session percentages, and ports for outbound traffic.

      Actions: None.

    Click View Logs in the upper-right corner of the list to view traffic logs for the Internet firewall on the Traffic Logs tab of the Log Audit page. For more information, see Log Audit.

View outbound data

The statistics area on the Outbound Connection page provides a quick overview of normal and abnormal outbound traffic from your assets. Based on the abnormal traffic statistics, you can conduct targeted investigations on the Outbound Connections tab to secure your assets promptly.

  1. Log on to the Cloud Firewall console. In the left-side navigation pane, choose Analysis > Outbound Connections.

  2. In the upper-right corner of the Outbound Connections page, select a time range to view the following information in the statistics area and on the Outbound Connections tab.

    The Outbound Traffic tab contains five subtabs: Outbound Domains, Outbound IP Addresses, Outbound Public Assets, Outbound Private Assets, and Outbound Connection Protocol. For example, on the Outbound Public Assets tab, you can filter assets by asset type, asset region, and other conditions. The table displays information such as Asset IP, Asset type, Instance ID/name, Region, Traffic, Requests, and Security risk. The Actions column provides options such as View Outbound Details and Mark as Followed.

    On the Outbound Traffic tab, select the Outbound Private Assets subtab. You can filter assets by conditions such as All asset regions, All assets, and Asset private IP. The list includes columns such as Asset IP, NAT Gateway ID/name, Instance ID/name, Region, Outbound Domains/Outbound IPs, Traffic, Requests, and Security risk. The Actions column provides options such as View Outbound Assets and Mark as Followed.

    You can also specify a custom query on the Outbound Connections tab to search for all traffic data within a seven-day period.

    Outbound Domains

      Description: Displays the number of at-risk domains and the total number of domains that your assets access on the internet.

    Outbound Destination IPs

      Description: Displays the number of at-risk destination IPs and the total number of destination IPs that your assets access on the internet.

    Actions for Outbound Domains and Outbound Destination IPs

      In the Data statistics area, click the Outbound Domains or Outbound Destination IPs card to navigate to the Outbound Connections > Outbound Domains or Outbound Connections > Outbound Destination IPs tab.

      To secure your assets, perform the following operations on identified at-risk domains or destination IPs.

      • Configure an outbound access control policy to block outbound traffic from assets

        Click Configure ACL to open the access control settings for the Internet firewall.

        For more information, see Configure an access control policy for the Internet firewall.

      • View the intelligence profile of an outbound domain or destination IP to understand the destinations to which your assets connect

        Click View Intelligence Profile to display analysis data for the domain or destination IP.

        For more information, see View the intelligence profile for an outbound domain or destination IP.

      • View outbound domain details to determine if the traffic is required by your services

        Click an outbound domain to view its details.

        On the Outreach public network assets and Extranet assets tabs, view information about the outbound ECS instances. Click View Logs to inspect the traffic logs on the Log Audit page.

        For more information, see Log Audit.

      • Add to an address book to centrally manage domains and destination IPs

        Click the 1 icon and then click Add to Address Group to open the Address Book management page.

        For more information, see Address Book.

      • Mark an entry as followed to prioritize it for monitoring

        Click the 1 icon and then click Mark as Followed to add a star to the entry.

      • Unfollow an entry

        Click Watchlist in the upper-right corner of the list. In the Watchlist panel, unfollow specified destination domains, destination IPs, public asset IPs, or private asset IPs.

      • Add to the Whitelist

        Click the 1 icon and then click Add to Allowlist. Once added to the Whitelist, the entry is no longer analyzed and does not appear in the list.

        You can add a maximum of 100 entries to the Whitelist. The Outbound Connection Whitelist supports only exact-match domains and does not support wildcard domains. Wildcard domains have no effect.

        For example, if you add a wildcard domain such as *.example.com to the Outbound Connection Whitelist, Cloud Firewall still generates alerts for outbound traffic from your assets to that domain. We recommend that you add exact-match domains to the Whitelist.

      • Remove from the Whitelist

        Click Allowlist in the upper-right corner of the list. In the Allowlist panel, remove a destination domain or IP from the Whitelist. After an entry is removed, it appears in the list again.

      • View traffic log details to determine if the traffic is required by your services

        Click the 1 icon and then click View Logs to open the traffic logs tab of the Log Audit page.

        For more information, see Log Audit.

    Public Outbound Assets

      Description: Displays the number of at-risk assets and the total number of assets that initiate outbound connections to the internet by using public IP addresses, such as EIPs.

    Private Outbound Assets

      Description: Displays the number of at-risk private assets and the total number of private assets that initiate outbound connections to the internet through a NAT Gateway.

    Actions for Public Outbound Assets and Private Outbound Assets

      In the Data statistics area, click the Public Outbound Assets or Private Outbound Assets card to navigate to the Outbound Connections > Public Outbound Assets or Outbound Connections > Private Outbound Assets tab to view details.

      • Mark an entry as followed to prioritize it for monitoring

        Click Add to Watchlist to add a star to the entry.

      • Unfollow an entry

        Click Watchlist in the upper-right corner of the list. In the Watchlist panel, unfollow specified destination domains, destination IPs, public asset IPs, or private asset IPs.

      • View traffic log details to determine if the traffic is required by your services

        Click View Logs to go to the traffic logs tab of the Log Audit page.

        For more information, see Log Audit.

    Outbound Protocol Analysis

      Description: Displays the number and percentage of unidentified protocols out of all protocols that your assets use to access the internet.

      Actions: In the Data statistics area, click the Outbound Protocol Analysis card to go to the Outbound Connections > Outbound Protocol Analysis tab to view details.

      View traffic log details to determine if the traffic is required by your services: Click View Logs to go to the traffic logs tab of the Log Audit page.

      For more information, see Log Audit.

    Note

    Supported protocols include HTTPS, HTTP, MQTT, DNS, Redis, MySQL, Zabbix, RTP, SSH, and MongoDB.
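
A pre-check for the Outbound Connection Whitelist limits described above (exact-match entries only, at most 100), as an added example that is not part of the Cloud Firewall documentation or product. The function names, input lists and sample domains are assumptions constructed for illustration; the code runs offline and calls no Cloud Firewall API.

```python
from fnmatch import fnmatchcase

MAX_ENTRIES = 100  # whitelist capacity stated in the documentation above


def normalize(name):
    """Lower-case a domain or IP and drop surrounding space and a trailing dot."""
    return name.strip().lower().rstrip(".")


def plan_whitelist(planned, observed, existing_count=0):
    """Pre-check planned whitelist entries before entering them in the console.

    planned        -- entries someone wants to add (hypothetical input)
    observed       -- outbound domains seen in the report (hypothetical input)
    existing_count -- entries already in the whitelist
    """
    seen = sorted({normalize(d) for d in observed if d.strip()})
    exact, wildcards = [], {}
    for entry in map(normalize, planned):
        if not entry:
            continue
        if "*" in entry:
            # Wildcards have no effect: list the observed exact-match domains
            # the pattern was meant to cover so each can be reviewed instead.
            wildcards[entry] = [d for d in seen if fnmatchcase(d, entry)]
        elif entry not in exact:
            exact.append(entry)
    candidates = sorted({d for ds in wildcards.values() for d in ds} - set(exact))
    free = MAX_ENTRIES - existing_count - len(exact)
    return {
        "exact": exact,                      # safe to enter as written
        "ineffective_wildcards": wildcards,  # pattern -> observed matches
        "review_candidates": candidates,     # exact names to vet, not auto-add
        "free_slots_after_exact": free,      # negative means over the limit
        "candidates_fit": len(candidates) <= max(free, 0),
    }


# Constructed sample data (not taken from any real report).
PLANNED = ["*.example.com", "updates.example.net", "Updates.Example.NET.", "203.0.113.10"]
OBSERVED = ["api.example.com", "cdn.example.com", "example.com",
            "updates.example.net", "telemetry.example.org"]

if __name__ == "__main__":
    import json
    print(json.dumps(plan_whitelist(PLANNED, OBSERVED, existing_count=97), indent=2))
```

Because whitelisted entries are no longer analyzed, the names under review_candidates are meant to be vetted one by one before any of them is added.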

View intelligence profiles

On the Outbound Domains or Outbound Destination IPs tab, click View Intelligence Profile to display detailed analysis data. This helps you determine if the intelligence tags for an outbound domain or destination IP are accurate.

If a tag is inaccurate, you can click IOC Feedback to report the issue.

The Intelligence Profile page displays basic information about a domain, such as the number of resolved IPs in the last 30 days, confidence score, number of subdomains, registration date, and expiration date. It also shows threat tags and recent activity. The page includes the following tabs: Threat Overview, Threat Details, WHOIS, DNS Resolution, Related Subdomains, Related Samples, Related URLs, Digital Signature, and Related Security News. In addition, the page provides an ATT&CK matrix mapping and a domain access trend chart.

Export outbound connection data

On the Outbound Connections tab, click the download icon in the upper-right corner of the list to download data for outbound domains, outbound destination IPs, outbound public assets, outbound private assets, and outbound connection protocols. The data downloads to your computer in CSV format for review and analysis.
