After you purchase Cloud Firewall that uses the pay-as-you-go billing method, you can use Cloud Firewall features, such as intrusion prevention and access control, to protect your assets. This topic describes how to use Cloud Firewall that uses the pay-as-you-go billing method, including adding assets to Cloud Firewall for protection, configuring protection policies, and viewing protection results.
Implementation
The following figure shows how Cloud Firewall that uses the pay-as-you-go billing method protects Internet traffic.
Prerequisites
Cloud Firewall that uses the pay-as-you-go billing method is purchased. For more information, see Purchase Cloud Firewall.
Step 1: Enable asset protection
The first time you log on to the Cloud Firewall console after you purchase Cloud Firewall that uses the pay-as-you-go billing method, a dialog box in which you can add assets appears. In the dialog box, click Automatic Full Access for Internet-facing Assets or Quick Manual Access for Internet-facing Assets to add the assets that you want to protect.
If you select Automatic Protection for Assets on the Cloud Firewall buy page, all new assets are automatically added to Cloud Firewall for protection. If you do not select Automatic Protection for Assets on the Cloud Firewall buy page, log on to the Cloud Firewall console, choose in the left-side navigation pane, and then enable protection for new assets. For more information, see Internet firewall.
Step 2: Configure and view intrusion prevention
(Optional) Configure intrusion prevention
Cloud Firewall provides a built-in threat detection engine and automatically enables the basic protection feature to protect your assets against malicious traffic, intrusion attempts, and common attacks. This helps you precisely identify and block intrusions.
The threat detection engine supports the Monitor and Block working modes and provides different policies to block different types of attacks. For more information, see Working modes of the threat detection engine.
You can modify prevention configurations based on your business requirements. For more information, see Prevention configuration.
When you modify prevention configurations, we recommend that you enable the Monitor working mode. After a trial run, analyze false positives and then enable the Block working mode based on the analysis result.
For more information about intrusion prevention, see the following topics:
View intrusion prevention results
Log on to the Cloud Firewall console. In the left-side navigation pane, choose . Then, view the intrusion prevention results, including the source IP addresses, destination IP addresses, applications, sources, and details of blocking events of blocked traffic. For more information, see Intrusion prevention.
Step 3: Configure and view access control policies
(Optional) Configure an access control policy
If you do not configure an access control policy, Cloud Firewall allows all traffic. You can configure access control policies for the Internet firewall to precisely manage access between your Internet-facing assets and the Internet.
For more information, see Create inbound and outbound access control policies for the Internet firewall.
You can configure different access control policies to meet the requirements of different scenarios. For example, you can configure an inbound policy to allow Internet traffic over specific ports, an outbound policy to allow only an Elastic Compute Service (ECS) instance to access a specific domain name, or a policy to deny traffic between ECS instances that are deployed in different virtual private clouds (VPCs). For more information, see Configure access control policies.
Best practices for defense against unauthorized access to MongoDB
View the hit details of an access control policy
By default, an access control policy immediately takes effect after the policy is created. Log on to the Cloud Firewall console. In the left-side navigation pane, choose . On the page that appears, check the hit details of an access control policy in the Hits/Last Hit At column of the policy. For more information, see Create inbound and outbound access control policies for the Internet firewall.
The Hits/Last Hit At column displays the number of hits and the time when the policy was last hit. Click the number of hits to go to the Log Audit page. On the Traffic Logs tab, view the hit details. For more information, see Log audit.
Step 4: Configure alert notifications
You can configure alert notifications to receive notifications when asset attack risks occur or assets are added. This way, you can analyze the status of assets and handle exceptions at the earliest opportunity to ensure asset security.
Log on to the Cloud Firewall console.
In the left-side navigation pane, choose .
On the Recipient Settings tab, click Add Recipient. For more information, see Configure notifications.
On the Alert Notification tab, configure the Notification Time, Severity, and Weekly Report parameters. For more information, see Configure notifications.
Step 5: View pay-as-you-go bills
The billing cycle of Cloud Firewall that uses the pay-as-you-go billing method is one day. Bills are generated and fees are deducted from your account balance at 18:00 the next day. You can query the details of the pay-as-you-go bills.
Log on to the Cloud Firewall console.
In the left-side navigation pane, choose .
On the Bill Management page, view the usage details of Cloud Firewall that uses the pay-as-you-go billing method. The details include statistical data of protected assets, enabled features, and traffic data of protected assets.
Click View Bill Details to view bill details in the Billing Management console. For more information, see Bill details.
References
If you have questions about Cloud Firewall that uses the pay-as-you-go billing method, refer to Pre-sales FAQ.
If you want to know more about the features that are supported by Cloud Firewall that uses the pay-as-you-go billing method, refer to Functions and features.
If you want to reduce the costs of your Cloud Firewall that uses the pay-as-you-go billing method, you can use pay-as-you-go savings plans. For more information, see Pay-as-you-go savings plan.
If you want to change the billing method of Cloud Firewall from pay-as-you-go to subscription, refer to Change the billing method of Cloud Firewall from pay-as-you-go to subscription.
If you no longer require Cloud Firewall, you can manually release the service. For more information, see Release Cloud Firewall.