This topic describes the basic information, overall mitigation capabilities, statistics, and traffic topology of your Cloud Firewall instance. This information helps you understand the security status of your network assets and the traffic at your Internet and VPC borders.
Overview
The Overview tab displays the overall mitigation capabilities of Cloud Firewall and provides statistics to help you understand the security status of your network assets.
The Overview page provides a centralized view of statistics, such as protected assets, traffic trends, and security events.
Cloud Firewall instances are managed by a control plane in the Singapore region.
Log on to the Cloud Firewall console.
On the Overview tab, you can view the following information.
Section
Description
Operations
Protection Status
This section displays the edition of your Cloud Firewall instance. The displayed information varies based on the instance edition.
Temporary Bandwidth Upgrade: Temporarily adjust the processing capacity for Internet traffic and VPC traffic on an hourly basis. At the specified restoration time, the processing capacity is automatically restored to its previous level. For more information, see Upgrade and downgrade.
Change Specifications: Upgrade your Cloud Firewall edition or adjust service specifications. For more information, see Upgrade and downgrade.
Renewal: Manually renew your instance. For more information, see Renewal policy.
Auto-renewal: If you enable auto-renewal, the system automatically deducts fees from your account balance and renews your subscription nine days before it expires. The renewal is processed only if your account balance is sufficient. For more information, see Renewal policy.
Release: You can manually release an instance within the period from 15 days before to 7 days after its expiration date. For more information, see Release an instance.
NoteDisable the firewall during off-peak hours. After you confirm that your services run as expected, you can release the instance.
More: View details such as the processing capacity for Internet traffic, the traffic peak in the last 7 days, the number of Protected Public IP Addresses, the processing capacity for VPC traffic, the recent traffic peak, the number of VPC firewalls, the log audit storage capacity, and the number of accounts available for multi-account authorization.
Unhandled Events
This section displays the number of Compromised Hosts, Detected Vulnerabilities, Open Ports, and Suspicious Outbound Connections that Cloud Firewall has recently detected on your protected assets.
Click Handle Now to locate and handle the anomalous activity.
For more information about how to handle different types of anomalous activities, see the following topics:
Add Asset for Protection
This section displays the protection status of your assets, including the following:
The number of assets that are assigned public IP addresses and whether they are protected by the Internet firewall.
The number of VPC firewalls that are created and not created.
The number of NAT firewalls that are created and not created.
The number of security groups that are protected by the internal firewall.
For unprotected assets, you can click the number of unprotected assets to go to the Firewall Settings page and enable the corresponding firewall. For more information, see Internet firewall, (To be deprecated) Enable or disable a VPC firewall, and NAT firewall.
Click View Details and Bills in the upper-right corner of the section to go to the Bill Management page and view the details of your bills.
Security Protection
This section displays the number of recent security protection events for your assets. These events include Total Attacks Blocked, Blocked Intrusion Attacks, Attacks Blocked by Access Control Policies, Blocked Vulnerability Attacks, and Sensitive Data Leak Events.
To view details, click Show to view the data from different protection modules.
For more information about the protection modules, see the following topics:
Security Policies
This section displays information about access control policies, including the Intelligent Policies to Be Applied and the Total Access Control Policies and the change in the last 7 days.
Click the number of pending intelligent policies to go to the Recommended Intelligent Policy panel on the Access Control page. On this page, you can view and apply the intelligent policies that are recommended by Cloud Firewall. For more information, see Intelligent policies.
Click the total number of ACL policies to go to the Access Control page, where you can view and manage each policy.
Latest Updates
This section displays recent update records for Virtual Patching, Basic Protection, and Feature Updates.
Click the Virtual Patching, Basic Protection, or Feature Updates tab to view the corresponding update records.
Traffic Trend
This section displays the recent traffic trends for the Internet firewall and VPC firewalls on your protected assets. This feature is not supported for pay-as-you-go Cloud Firewall instances.
Internet firewall: The overall traffic trend and the trend of the number of inbound and outbound sessions blocked by Cloud Firewall.
VPC firewall: The traffic trend of VPCs and the trend of blocked VPC traffic.
VPC firewall information is displayed on the Overview page only for Cloud Firewall Enterprise and Ultimate editions.
If your actual service traffic exceeds the purchased protection bandwidth, Cloud Firewall protects traffic only up to the purchased bandwidth limit. By default, traffic that exceeds the bandwidth limit is not protected. In this case, you must upgrade your bandwidth. For more information, see Upgrade and downgrade.
NoteFor more information about how to troubleshoot IP addresses with abnormal traffic peaks, see What do I do if my service traffic exceeds the bandwidth supported by Cloud Firewall?.
To set a time range, click the time drop-down list in the upper-right corner to select a time range for the query.
To view the trend chart for the Internet firewall:
On the Traffic Trend tab, you can hover over the trend chart to view inbound and outbound traffic details at a specific time. You can click the
icon next to the peak inbound and outbound traffic values. In the pop-up that appears, click View to navigate to the Internet Exposure page and the Outbound Connection page for specific information about peak traffic.Inbound traffic = Internet exposure request traffic + Internet exposure response traffic
The peak inbound traffic is the peak of the total Internet exposure traffic. Cloud Firewall aggregates traffic data based on peak values over a period. Therefore, the total peak traffic is less than or equal to the sum of the request and response traffic peaks.
Outbound traffic = Outbound connection request traffic + Outbound connection response traffic
The peak outbound traffic is the peak of the total outbound connection traffic. Cloud Firewall aggregates traffic data based on peak values over a period. Therefore, the total peak traffic is less than or equal to the sum of the request and response traffic peaks.
NoteThe Internet firewall can view only the traffic of public IP addresses. To view the traffic of private IP addresses, you must enable a NAT firewall.
View the inbound interception trend: On the Trend of Blocked Inbound Traffic tab, hover over the trend chart to view the number of blocked inbound sessions at a specific point in time. You can view the peak number of blocked sessions in the upper-left corner of the chart.
View the outbound interception trend: On the Trend of Blocked Outbound Traffic tab, hover over the trend chart to view the number of blocked outbound sessions at a specific point in time. You can view the peak number of blocked sessions in the upper-left corner of the chart.
To view the traffic trend chart for the VPC firewall:
View the VPC traffic trend chart: On the Trend of Handled Traffic Between VPCs tab, hover over the trend chart to view the total number of deduplicated VPC traffic sessions at a specific point in time. Then, click View Details. In the VPC Traffic Details panel, view the VPC traffic details for that specific time.
You can also click View Details in the Actions column of a target VPC to go to the VPC Access Activity page. For more information, see VPC Access.
View the VPC interception trend chart: On the Trend of Blocked Sessions Between VPCs tab, hover over the trend chart to view the number of blocked VPC sessions at a specific point in time. You can view the peak number of blocked sessions in the upper-left corner of the chart.
Scenario Data
This section displays information about risks such as brute-force attacks, scanner attacks, mining behavior, and database protection events that Cloud Firewall has recently detected on your protected assets. It also shows related protection information.
To set a time range, click the time drop-down list in the upper-right corner to select a time range for the query.
To view data for a specific scenario, click a tab (Brute-force Attacks, Scan, Mining, or Database Attack) to view the corresponding data. The following list describes the data on each tab:
Brute-force Attacks: Displays statistics about brute-force attacks and a ranking of the most attacked applications and assets.
Scan: Displays statistics about scan risks and a ranking of the most scanned applications and assets.
Mining: Displays statistics about attacks from mining viruses and a ranking of the most attacked applications and assets.
Database Attack: Displays statistics about database protection events and a ranking of the most attacked applications and assets.
Traffic topology visualization
The traffic topology visualization feature displays a traffic topology graph of the cloud assets protected by Cloud Firewall. The topology graph can display traffic at the Internet and VPC borders. This feature is available only in Cloud Firewall Enterprise Edition and Ultimate Edition.
Log on to the Cloud Firewall console. In the navigation pane on the left, click Overview.
On the Traffic Topology Visualization tab, you can view the following information.
Section
Description
Supported operation
Overview
This section displays statistics for Public IP Address, Protected Network Elements, Traffic, Intrusion Prevention Mode, Attack, and ACL.
Public IP Address:
Total IP Addresses: the total number of public IP addresses for all assets in your Alibaba Cloud account.
Unprotected IP Addresses: the total number of IP addresses for which the firewall is not enabled.
Click Enable Firewall to go to the Internet Firewall tab of the Firewall Settings page. You can then enable the firewall for your unprotected cloud assets.
Protected Network Elements:
Total Network Elements: the total number of network elements in your Alibaba Cloud account.
Unprotected: the number of network elements protected by a VPC firewall. This includes VPCs, VBRs, TRs, VPN gateways, and CEN instances. The manual mode is not metered.
Click Enable Firewall to go to the VPC Firewall tab of the Firewall Settings page. You can then enable the firewall for your unprotected VPCs.
Traffic:
Peak Traffic in Last 7 Days: the peak traffic protected by Cloud Firewall within the last 7 days.
Peak Outbound Traffic: the peak outbound traffic protected by Cloud Firewall within the last 7 days.
Peak Inbound Traffic: the peak inbound traffic protected by Cloud Firewall within the last 7 days.
Intrusion Prevention Mode:
The intrusion prevention status is synchronized from the threat detection engine mode on the Prevention Configuration page. For more information, see Threat detection engine modes.
Attack:
Blocked Attacks: the number of malicious attacks that are blocked by Cloud Firewall.
Total Attacks: the total number of malicious attacks on the cloud assets that are protected by Cloud Firewall.
ACL: the number of created access control policies.
None
Internet firewall
This section displays a traffic topology graph between all public assets in your Alibaba Cloud account and the Internet.
Click a cloud asset icon to display the public IP address of the asset. On the left side of the page, view Unprotected IP Address and Protected IP Address.
Click a specific IP address. The panel on the left shows the inbound and outbound traffic details for that IP address.
The Inbound tab displays information such as IP, Open Port, Intelligent Policy Recommended, and Access Control Policy.
The Outbound tab displays information such as Outbound Domain, Outbound IP Address, Intelligent Policy Recommended, and Access Control Policy.
VPC firewall
All VPCs: displays all VPCs that are connected using Express Connect and all VPCs in Cloud Enterprise Network (CEN) within your Alibaba Cloud account. Hover over a VPC to view its details.
The
icon indicates that protection is enabled for the VPC.The
icon indicates that protection is not enabled for the VPC.
Connected VPC: displays details about VPCs that are connected using Express Connect and VPCs in CEN. Click Show to view the traffic topology graph between VPCs.
The
icon indicates a VPC that is connected using Express Connect.The
icon indicates a VPC in CEN.
On the left side of the page, you can view the total number of connected VPCs in CEN and Express Connect, and a list of all connected VPCs. You can click a VPC name to view its specific traffic topology graph.
None