The Overview page gives you a unified view of your Cloud Firewall security posture — active threats, protection coverage, traffic patterns, and policy status — all in one place. Use it to spot issues quickly and jump directly to the relevant page to take action.
Cloud Firewall instances are managed by a control plane in the Singapore region.
Overview tab
Log on to the Cloud Firewall consoleCloud Firewall console and click Overview in the left navigation pane. The Overview tab contains the following sections.
Protection status
Displays your Cloud Firewall edition and current instance specifications. The available actions vary by edition:
| Action | Description |
|---|---|
| Temporary Bandwidth Upgrade | Temporarily increase the processing capacity for Internet traffic and VPC traffic on an hourly basis. At the specified restoration time, the capacity is automatically restored to its previous level. For more information, see Upgrade and downgrade. |
| Change Specifications | Upgrade your edition or adjust service specifications. For more information, see Upgrade and downgrade. |
| Renewal | Manually renew your instance. For more information, see Renewal policy. |
| Auto-renewal | When enabled, the system automatically deducts fees and renews your subscription nine days before it expires — only if your account balance is sufficient. For more information, see Renewal policy. |
| Release | Manually release an instance within the period from 15 days before to 7 days after its expiration date. Disable the firewall during off-peak hours. After you confirm that your services run as expected, you can release the instance. For more information, see Release an instance. |
| More | View details such as Internet traffic processing capacity, traffic peak in the last 7 days, number of Protected Public IP Addresses, VPC traffic processing capacity, recent traffic peak, number of VPC firewalls, log audit storage capacity, and number of accounts available for multi-account authorization. |
Unhandled events
Displays the count of threats recently detected on your protected assets, including Compromised Hosts, Detected Vulnerabilities, Open Ports, and Suspicious Outbound Connections.
Click Handle Now to locate and respond to the anomalous activity. For guidance on each type, see:
Add asset for protection
Shows the protection status of your assets:
Public IP addresses: which assets are protected by the Internet firewall and which are not
VPC firewalls: how many are created versus not created
NAT firewalls: how many are created versus not created
Security groups: how many are protected by the internal firewall
Click the count of unprotected assets to go to the Firewall Settings page and enable the corresponding firewall. For more information, see Internet firewall, (To be deprecated) Enable or disable a VPC firewall, and NAT firewall.
Click View Details and Bills in the upper-right corner to go to the Bill Management page.
Security protection
Shows recent security protection event counts for your assets, including Total Attacks Blocked, Blocked Intrusion Attacks, Attacks Blocked by Access Control Policies, Blocked Vulnerability Attacks, and Sensitive Data Leak Events.
Click Show to break down data by protection module. For more information, see:
Security policies
Shows the count of Intelligent Policies and Total Access Control Policies, plus the change in the last 7 days.
Click the count of pending intelligent policies to open the Recommended Intelligent Policy panel on the Access Control page, where you can review and apply Cloud Firewall's recommendations. For more information, see Intelligent policies.
Click the total count of ACL policies to go to the Access Control page and manage each policy.
Latest updates
Shows recent update records for Virtual Patching, Basic Protection, and Feature Updates. Click each tab to view the corresponding records.
Traffic trend
This section is not available for pay-as-you-go Cloud Firewall instances. VPC firewall data is shown only for Cloud Firewall Enterprise Edition and Ultimate Edition.
Shows recent traffic patterns for the Internet firewall and VPC firewalls.
Internet firewall data:
Traffic Trend tab: Hover over the chart to view inbound and outbound traffic at a specific time. Click the icon next to a peak value, then click View to navigate to the Internet Exposure page or Outbound Connection page for details.
Inbound traffic = Internet exposure request traffic + Internet exposure response traffic
Outbound traffic = Outbound connection request traffic + Outbound connection response traffic
Because Cloud Firewall aggregates traffic based on peak values over a period, the total peak traffic is less than or equal to the sum of the request and response traffic peaks.
Trend of Blocked Inbound Traffic tab: Hover over the chart to view the number of blocked inbound sessions at a specific time. The peak count appears in the upper-left corner.
Trend of Blocked Outbound Traffic tab: Hover over the chart to view the number of blocked outbound sessions at a specific time. The peak count appears in the upper-left corner.
The Internet firewall shows traffic for public IP addresses only. To view traffic for private IP addresses, enable a NAT firewall.
VPC firewall data:
Trend of Handled Traffic Between VPCs tab: Hover over the chart to view the total deduplicated VPC traffic sessions at a specific time. Click View Details to open the VPC Traffic Details panel. You can also click View Details in the Actions column of a target VPC to go to the VPC Access Activity page. For more information, see VPC Access.
Trend of Blocked Sessions Between VPCs tab: Hover over the chart to view the number of blocked VPC sessions at a specific time. The peak count appears in the upper-left corner.
To change the time range, click the time drop-down list in the upper-right corner.
If your actual service traffic exceeds your purchased protection bandwidth, Cloud Firewall protects traffic only up to the purchased bandwidth limit. Traffic beyond that limit is not protected by default — upgrade your bandwidth to maintain full coverage. For more information, see Upgrade and downgrade. For troubleshooting steps, see What do I do if my service traffic exceeds the bandwidth supported by Cloud Firewall?
Scenario data
Shows risk statistics and protection details for specific attack patterns recently detected on your assets.
To change the time range, use the drop-down list in the upper-right corner. Click a tab to view data for that scenario:
| Tab | Data shown |
|---|---|
| Brute-force Attacks | Attack statistics and a ranking of the most targeted applications and assets |
| Scan | Scan risk statistics and a ranking of the most scanned applications and assets |
| Mining | Mining virus attack statistics and a ranking of the most targeted applications and assets |
| Database Attack | Database protection event statistics and a ranking of the most targeted applications and assets |
Traffic topology visualization tab
This feature is available only in Cloud Firewall Enterprise Edition and Ultimate Edition.
The Traffic Topology Visualization tab displays a topology graph of your protected cloud assets, showing traffic at the Internet border and VPC border.
Click Overview in the left navigation pane, then click the Traffic Topology Visualization tab. The tab contains the following sections.
Overview section
Displays a summary of your protection coverage and activity:
| Field | Description |
|---|---|
| Total IP Addresses | Total number of public IP addresses across all assets in your Alibaba Cloud account |
| Unprotected IP Addresses | Number of public IP addresses without the firewall enabled. Click Enable Firewall to go to the Internet Firewall tab of the Firewall Settings page. |
| Total Network Elements | Total number of network elements in your Alibaba Cloud account |
| Unprotected | Number of network elements (VPCs, VBRs, transit routers (TRs), VPN gateways, and Cloud Enterprise Network (CEN) instances) not protected by a VPC firewall. Manual mode is not metered. Click Enable Firewall to go to the VPC Firewall tab of the Firewall Settings page. |
| Peak Traffic in Last 7 Days | Peak traffic protected by Cloud Firewall in the last 7 days |
| Peak Outbound Traffic | Peak outbound traffic protected by Cloud Firewall in the last 7 days |
| Peak Inbound Traffic | Peak inbound traffic protected by Cloud Firewall in the last 7 days |
| Intrusion Prevention Mode | Current intrusion prevention status, synchronized from the threat detection engine mode on the Prevention Configuration page. For more information, see Threat detection engine modes. |
| Blocked Attacks | Number of malicious attacks blocked by Cloud Firewall |
| Total Attacks | Total number of malicious attacks on protected assets |
| ACL | Number of access control policies created |
Internet firewall section
Displays a traffic topology graph between all public assets in your Alibaba Cloud account and the Internet.
Click a cloud asset icon to view its public IP address. The left panel shows Unprotected IP Address and Protected IP Address lists.
Click a specific IP address to view its inbound and outbound traffic details in the left panel:
Inbound tab: shows IP, Open Port, Intelligent Policy Recommended, and Access Control Policy
Outbound tab: shows Outbound Domain, Outbound IP Address, Intelligent Policy Recommended, and Access Control Policy
VPC firewall section
Displays VPC connectivity and protection status within your account.
All VPCs: Shows all VPCs connected using Express Connect and all VPCs in Cloud Enterprise Network (CEN). Hover over a VPC to view its details.
The protected icon indicates that protection is enabled for the VPC.
The unprotected icon indicates that protection is not enabled for the VPC.
Connected VPC: Shows VPCs connected using Express Connect and VPCs in CEN. Click Show to view the traffic topology graph between VPCs.
The Express Connect icon indicates a VPC connected using Express Connect.
The CEN icon indicates a VPC in CEN.
The left panel shows the total count of connected VPCs in CEN and Express Connect, along with a list of all connected VPCs. Click a VPC name to view its specific traffic topology graph.