You can view information about the outbound connections from your assets to the Internet on the Outbound Connection page. The information includes the trace information about outbound traffic, destination addresses that are accessible on the Internet, and outbound connections of Internet-facing and internal-facing assets. This helps you identify suspicious assets and ensure business security.
Prerequisites
The Internet firewall is enabled. For more information, see Internet Firewall.
Visualized analysis
The Visualized Analysis tab displays the peak traffic of all private and public IP addresses, the traffic trend charts of all IP addresses, and the statistics on outbound traffic. This helps you monitor the outbound traffic of your assets in real time.
Log on to the Cloud Firewall console. In the left-side navigation pane, choose .
In the upper-right corner of the Outbound Connection page, select a time range from the drop-down list and click the Visualized Analysis tab.
On the Visualized Analysis tab, view the information described in the following table.
Section
Description
Supported operation
IP Traffic
Private IP Address (traffic redirected by NAT firewalls): This tab displays the peak response traffic for the private IP addresses of Elastic Compute Service (ECS) instances within the specified time range in descending order. The virtual private clouds (VPCs) to which the ECS instances belong must be associated with a NAT gateway.
You can specify a public IP address or a private IP address in the search box and view the IP address type and peak of total traffic for the specified IP address.
You can click the icon next to a public IP address or a private IP address. The chart on the right side shows the trend of the outbound traffic for the IP address.
On the Public IP Address tab, you can click a public IP address to view the peak of total traffic for the private IP address that is associated with the public IP address.
For example, if you click a public IP address of an ECS instance, you can view the peak of total traffic of the private IP address of the ECS instance. If you click an elastic IP address (EIP) that is used for a NAT gateway, you can view the peak of total traffic for all private IP addresses that passes through the EIP.
On the Private IP Address tab, you can click a NAT gateway to view the peak of total traffic for each private IP address that passes through the NAT gateway, and the name and ID of the NAT gateway.
On the Private IP Address tab, you can click a NAT firewall to view the peak of total traffic for each private IP address that passes through the NAT firewall, and the name and ID of the NAT firewall.
You can click the icon next to an IP address to go to the Log Audit page. On the Log Audit page, you can view the traffic logs of the IP address. For more information, see Log audit.
You can click the icon next to an IP address. You are redirected to the Outbound Connection page. On the page, you can view the statistics on outbound connections of the IP address. For more information, see Outbound Connection.
You can click the icon to export the statistics on the traffic of private and public IP addresses.
Public IP Address (traffic redirected by the Internet firewall): This tab displays the peak response traffic of public IP addresses, such as public IP addresses of ECS instances and EIPs that are used for NAT gateways, within the specified time range in descending order.
Outbound Traffic Trend
This section displays the trends of peak request and response traffic of specific assets or all network assets in real time.
You can move the pointer over a position in the trend chart to view the peak request and response traffic at the point in time that corresponds to the position. In the Outbound Traffic Trend section, you can click a point in time on the x-axis to refresh the rankings in the IP Traffic section.
Rankings of Visits by Traffic
This section displays the top 10 destination locations, top 10 destination service providers, top 10 IP address ranges based on session percentages, and the statistics on ports.
None.
You can click View Logs in the upper-right corner of the Outbound Traffic Trend section to go to the Traffic Logs tab of the Log Audit page and view the traffic logs of the Internet firewall. For more information, see Log audit.
View the statistics on outbound connections
The data statistics section on the Outbound Connection page displays the statistics on usual and unusual outbound traffic of your assets. You can troubleshoot unusual traffic on the Outbound Traffic tab based on the statistics to ensure the security of outbound traffic for your assets.
Log on to the Cloud Firewall console. In the left-side navigation pane, choose .
In the upper-right corner of the Outbound Connection page, select a time range from the drop-down list. Then, you can view the information in the data statistics section and on the Outbound Traffic tab. The following table describes the information.
You can specify a custom time range within the previous seven days on the Outbound Traffic tab to search for statistics.
Tab
Description
Supported operation
Outbound Domains
The number of at-risk domain names and the total number of domain names in outbound connections. The outbound connections are initiated from your assets to the domain names that are accessible on the Internet.
You can click a number below Outbound Domains in the data statistics section to go to the
tab or click Destination IP Addresses to go to the tab.You can perform the following operations on an at-risk domain name or IP address based on your business requirements to protect your assets:
Configure an outbound access control policy to block the outbound traffic of assets
Click Configure Access Control Policy to go to the Access Control > Internet Border page. For more information, see Create access control policies for the Internet firewall.
View the intelligence profile of an outbound domain name or IP address
Find a domain name or an IP address and click View Intelligence Profile in the Actions column to view the analysis data of the domain name or IP address. For more information, see View the intelligence profile of an outbound domain name or IP address.
View the details of an outbound domain name to determine whether traffic is required for your workloads
Click an outbound domain name to view the details of the domain name.
On the Outreach public network assets and Extranet assets tabs of the panel that appears, view the information about the ECS instances that initiated outbound connections. You can also click View Logs in the Actions column to go to the Traffic Logs tab of the Log Audit page. For more information, see Log audit.
Add a domain name or an IP address to an address book for centralized management
On the Outbound Domains or Outbound IP Addresses tab, find a domain name or an IP address, click the icon in the Actions column, and then click Add to Address Book. You are redirected to the Create Address Book panel of the Address Books page. For more information, see Manage address books.
Mark a domain name or an IP address as followed
Find a domain name or an IP address, click the icon in the Actions column, and then click Mark as Followed.
Unfollow a domain name or an IP address
On the Outbound Domains or Outbound IP Addresses tab, click Followed in the upper-right corner. In the Followed panel, unfollow a destination domain name, destination IP address, public IP address, or private IP address.
Add a domain name or an IP address to the whitelist
On the Outbound Domains or Outbound IP Addresses tab, find a domain name or an IP address, click the icon in the Actions column, and then click Add to Whitelist to add the domain name or IP address to the whitelist. This way, Cloud Firewall no longer analyzes the domain name or IP address, and the information about the domain name or IP address is no longer displayed.
You can add up to 100 domain names or IP addresses to the whitelist. The whitelist supports only exact-match domain names.
For example, if you add the wildcard domain name *.example.com to the whitelist, Cloud Firewall continues to generate alerts for traffic from service assets to the domain name. We recommend that you add exact-match domain names to the whitelist.
Remove a domain name or an IP address from the whitelist
On the Outbound Domains or Outbound IP Addresses tab, click Whitelist in the upper-right corner. In the Whitelist panel, find a domain name or an IP address and click Remove from Whitelist in the Actions column. This way, the information about the domain name or IP address is displayed on the Outbound Connection page again.
View the details of traffic logs to determine whether the traffic is required for your workloads
On the Outbound Domains or Outbound IP Addresses tab, find a domain name or an IP address, click the icon in the Actions column, and then click View Logs. You are redirected to the Traffic Logs tab of the Log Audit page. For more information, see Log audit.
Outbound IP Addresses
The number of at-risk destination IP addresses and the total number of destination IP addresses in outbound connections. The outbound connections are initiated from your business to the IP addresses that are accessible on the Internet.
Outbound Public IP Addresses
The number of at-risk assets and the total number of assets in outbound connections. The outbound connections are initiated from the assets to the Internet by using the public IP addresses of the assets, such as EIPs.
You can click a number below Outbound Public IP Addresses in the data statistics section to go to the
tab or click a number below Outbound Private IP Addresses to go to the tab. You can perform the following operations on the tabs:Mark an IP address as followed
Find an IP address and click Mark as Followed in the Actions column.
Unfollow an IP address
In the upper-right corner, click Followed. In the Followed panel, unfollow a destination domain name, destination IP address, public IP address, or private IP address.
View the details of traffic logs to determine whether the traffic is required for your workloads
Find an IP address and click View Logs in the Actions column. You are redirected to the Traffic Logs tab of the Log Audit page. For more information, see Log audit.
Outbound Private IP Addresses
The number of at-risk internal-facing assets and the total number of internal-facing assets in outbound connections. The outbound connections are initiated from the assets to the Internet by using the IP addresses of NAT gateways.
Outbound Connection Protocol
The analysis results of protocols that are used in outbound connections. The outbound connections are initiated from your business to the Internet. The results include the number of unidentified protocols, the total number of used protocols, and the proportion of unidentified protocols to all used protocols.
You can click a number below Outbound Protocol Analysis in the data statistics section to go to the
tab. On the tab, you can perform the following operations:You can view the details of traffic logs and determine whether the traffic is required for your workloads: Find a protocol and click View Logs in the Actions column. You are redirected to the Traffic Logs tab of the Log Audit page. For more information, see Log audit.
View the intelligence profile of an outbound domain name or IP address
On the Outbound Domains or Outbound IP Addresses tab, find an outbound domain name or IP address and click View Intelligence Profile in the Actions column to view the detailed analysis data. This helps you check whether the intelligence tags added to the domain name or IP address are accurate.
If an intelligence tag is inaccurate, you can click IOC Feedback to report the issue.
Export the statistics on outbound connections
You can click the icon in the upper-right corner of the Outbound Traffic tab to export the statistics on outbound connections to your computer in the CSV format. The statistics include outbound domain names, outbound destination IP addresses, assets that initiate outbound connections by using public IP addresses, assets that initiate outbound connections by using private IP addresses, and protocols that are used in outbound connections. This allows you to view and analyze the statistics.
References
For more information about the protected Internet traffic bandwidth of Cloud Firewall, see Subscription and Pay-as-you-go.
For more information about how to view the details of inbound traffic to your service assets over the Internet, see Internet Exposure.
What do I do if the volume of my business traffic exceeds the purchased bandwidth of Cloud Firewall?
Intelligence tags are displayed on the Outbound Connection page. What are the meanings of the tags?