All Products
Search

This Product

    Cloud Firewall:Evaluate NAT firewall specifications

    Document Center

    Cloud Firewall:Evaluate NAT firewall specifications

    Last Updated:May 23, 2024

    When you purchase a NAT firewall, you must confirm the specifications of the NAT firewall based on factors such as business traffic and costs. This topic provides examples on how to evaluate the NAT firewall specifications and select the specifications that best fit your business. This helps you allocate resources in an efficient manner to optimize cost-effectiveness.

    NAT firewall specifications

    • For more information about how to charge fees for the enabled NAT firewalls and the protected private network traffic in the pay-as-you-go billing method, see Pay-as-you-go.

    • Cloud Firewall provides three subscription editions: Premium Edition, Enterprise Edition, and Ultimate Edition. For more information about the maximum number of NAT firewalls that can be enabled and the peak private network traffic that can be protected by a NAT firewall in different editions, see Subscription.

    Evaluation procedure

    image

    Step 1: Confirm the number of NAT gateways for which you want to enable NAT firewalls

    Method 1: Use the Cloud Firewall console

    1. Log on to the Cloud Firewall console.

    2. In the left-side navigation pane, click Firewall Settings.

    3. On the NAT Firewall tab of the Firewall Settings page, confirm the number of NAT gateways for which you want to enable NAT firewalls.

    Method 2: Use the NAT Gateway console

    1. Log on to the NAT Gateway console.
    2. In the top navigation bar, select the region where you want to create the NAT gateway.

    3. On the Internet NAT Gateway page, find the Internet NAT gateway that you want to manage.

    4. On the Internet NAT Gateway page, confirm the number of NAT gateways for which you want to enable NAT firewalls.

    Step 2: Evaluate the peak private network traffic to be protected by using a NAT firewall based on historical data

    We recommend that you use historical data that spans at least the previous seven days.

    Method 1: (Recommended) Use the Cloud Firewall console

    This result that is evaluated by using this method is relatively accurate.

    Important

    This method is applicable to the scenarios where Internet firewalls are enabled. You can use this method to calculate the peak traffic for public IP addresses of all NAT gateways on the Outbound Connection page. Then, you can evaluate the private network traffic to be protected by using a NAT firewall based on the calculated peak traffic.

    1. Log on to the Cloud Firewall console.

    2. In the left-side navigation pane, choose Traffic Analysis > Outbound Connection.

    3. On the Public IP Address tab of the Visualized Analysis tab, query the peak of total private network traffic of NAT gateways for which you want to enable NAT firewalls based on the public IP addresses of the NAT gateways.

    4. Sum up the peaks of total private network traffic of all NAT gateways.

    Method 2: Use the NAT Gateway console

    Important

    If you use this method to evaluate the peak private network traffic to be protected by using a NAT firewall, the evaluation result is relatively inaccurate due to the bandwidth computing logic difference between NAT gateways and Cloud Firewall. We recommend that you enable NAT firewalls based on the evaluation result, and then upgrade or downgrade the edition or specifications of Cloud Firewall based on your business requirements.

    1. Log on to the NAT Gateway console.
    2. In the top navigation bar, select the region where you want to create the NAT gateway.

    3. On the Internet NAT Gateway page, find the NAT gateway for which you want to enable a NAT firewall and click the 监控 icon in the Monitor column.

      We recommend that you use the historical traffic data that spans at least the previous seven days. This improves the accuracy of evaluation results.

    4. Sum up the peaks of total private network traffic of all NAT gateways.

    Step 3: Know the NAT firewall specifications in different Cloud Firewall editions

    • For more information about the billing rules of the NAT firewalls that are used to protect NAT gateways and the protection of private network traffic in the pay-as-you-go billing method, see Pay-as-you-go.

    • Cloud Firewall provides three subscription editions: Premium Edition, Enterprise Edition, and Ultimate Edition. For more information about the NAT firewall specifications in different Cloud Firewall editions, see Subscription.

    Step 4: Evaluate the specifications of NAT firewalls that you need based on the preceding data and purchase Cloud Firewall

    You can evaluate the edition of Cloud Firewall that meets your business requirements and the peak private network traffic to be protected by NAT firewalls based on the following data: the calculated peak of total private network traffic for the previous seven days, the estimated peak of total private network traffic for the subsequent business, and the traffic protection capability in different Cloud Firewall editions.

    By default, the basic price of Cloud Firewall Premium Edition does not cover NAT firewalls and the traffic protection capability. However, you can upgrade the edition of Cloud Firewall. The preceding evaluation results are within the upgrade scope of Cloud Firewall Premium Edition.

    For more information about how to purchase Cloud Firewall, see Purchase Cloud Firewall.

    References

    • After you purchase Cloud Firewall, you can enable NAT firewalls to protect your assets. For more information, see NAT Firewall.

    • You can configure an access control policy for a NAT firewall to implement fine-grained management on business traffic. For more information, see Create an access control policy for a NAT firewall.

    • You can use traffic logs to check whether specific traffic is within your business scope. For more information, see Log audit.