Cloud Firewall is the first Firewall as a Service (FWaaS) solution on the cloud. It manages north-south and east-west traffic in a centralized manner to protect your network. The out-of-the-box feature of Cloud Firewall makes it easy to use. In addition, Cloud Firewall supports precise access control and network-wide traffic visualization.

Fully managed service

Cloud Firewall is the first FWaaS solution that is available on a public cloud platform, Alibaba Cloud. It adopts software-defined networking (SDN) technology. Cloud Firewall is a fully managed service that spares you from complex device deployment and system configurations, such as firewall image installation and routing configurations. In addition, you do not need to pay attention to disaster recovery, scale-out, or access issues.

Ease of use

After you purchase a Cloud Firewall edition and complete necessary configurations in the console, you can use Cloud Firewall immediately to defend your network. Cloud Firewall effectively reduces the cost of network security control and O&M.

Smooth scaling

Cloud Firewall is deployed in cluster mode and supports smooth scaling. It provides a defense capability of up to 2 Gbit/s for each IP address. You can customize the defense capability based on your business requirements.

Stability and reliability

Cloud Firewall is deployed in two availability zones (AZs) to achieve high availability. This way, Cloud Firewall does not break down if a server or AZ fails.

On-cloud in-depth integration

Cloud Firewall provides complete north-south and east-west traffic control for your assets. You can fully control access to your ECS instances and isolate ECS instances for security.

Cloud Firewall integrates access by Alibaba Cloud network service, such as Virtual Private Cloud (VPC), Cloud Enterprise Network (CEN), Elastic IP Address (EIP), and Server Load Balancer (SLB). Cloud Firewall controls access to common cloud assets at the network layer and exploits security capabilities of terminals to monitor and block suspicious access to cloud assets.

Real-time intrusion prevention

A built-in intrusion prevention system (IPS) allows Cloud Firewall to update network-wide threat intelligence in real time and monitors more than 5 million active malicious IP addresses and domain names. In this way, Cloud Firewall can detect and block threats from the Internet. In addition, Cloud Firewall provides a cyber kill chain to defend against critical cyberattacks.

Visualized business relationships

Cloud Firewall shows assets and their access relationships in topology views. After you activate Cloud Firewall, you can view your business groups, application groups, assets, and access relationships between assets in topologies, and perform clustering analysis of user traffic without any configurations. Cloud Firewall supports visualized analysis of traffic to ensure policy accuracy.

Compliance with classified protection requirements

Cloud Firewall meets classified protection requirements such as boundary protection and access control.