Cloud Firewall is a cloud security solution that provides firewalls as a service. Cloud Firewall manages north-south and east-west traffic to ensure the security of your network. Cloud Firewall is easy-to-use and can be used out-of-the-box. Cloud Firewall supports precise access control and network-wide traffic visualization.
Deployment within seconds
You can activate and deploy Cloud Firewall without the need to change the network architecture of your business.
You can add Internet-facing assets to the Internet firewall within seconds to immediately protect the inbound and outbound traffic of the Internet-facing assets.
NAT firewalls can be automatically enabled to monitor traffic from private networks to the Internet, and virtual private cloud (VPC) firewalls can be automatically enabled to isolate east-west traffic across VPCs. This frees you from complex deployment configurations and reduces security risks.
Flexible purchase
Cloud Firewall supports the pay-as-you-go billing method, the subscription billing method, and pay-as-you-go savings plans to meet the budgets of enterprises of different sizes.
Small- and medium-sized enterprises can use Cloud Firewall that uses the pay-as-you-go billing method to use resources before paying for the resources. The enterprises can also use pay-as-you-go savings plans to reduce costs.
Large- and medium-sized enterprises can use Cloud Firewall that uses the subscription billing method, including Cloud Firewall Premium Edition, Enterprise Edition, and Ultimate Edition. The specifications of Cloud Firewall can be scaled out based on the business requirements.
You can upgrade or downgrade Cloud Firewall, manually release Cloud Firewall, temporarily upgrade the specifications of Cloud Firewall, and use the burstable protected traffic feature.
New users can use a free trial of Cloud Firewall that uses the pay-as-you-go billing method. The free trial is worth USD 50.
Flexibility and stability
The network traffic processing capability of Cloud Firewall can be smoothly and elastically scaled out based on your business requirements without service interruptions. This helps meet the requirements in scenarios such as temporary sales promotions, testing, business development, and attack and defense drills, and ensures business continuity.
You can scale down the network traffic processing capability during off-peak hours to reduce costs without service interruptions.
Cloud Firewall provides a high-availability mechanism and dual-zone disaster recovery at different boundaries to implement automated end-to-end health check, automatic session synchronization, storage synchronization, synchronization management, and failover. This eliminates the need to maintain high availability and ensures high stability of business.
Intelligent defense
The intrusion prevention feature of Cloud Firewall can detect and block malicious traffic in real time, such as attacks, vulnerability exploits, brute-force attacks, worms, mining programs, and backdoor trojans. The feature protects enterprise information systems in the cloud against attacks, unauthorized access, or data breaches.
Cloud Firewall provides massive amount of threat intelligence to help you quickly detect unknown threats. Cloud Firewall works together with Security Center and provides virtual patches for vulnerabilities in servers to implement closed-loop vulnerability management and protection.
Cloud Firewall can automatically learn traffic and logs, allows you to create access control policies, and can analyze the policies to implement intelligent defense for cloud assets.
Native integration
Cloud Firewall natively works with various Alibaba Cloud network services to automatically identify cloud network assets.
Cloud Firewall can identify cloud assets in real time. The assets include IPv4 and IPv6 addresses of assets such as Elastic Compute Service (ECS) instances, load balancer assets, and bastion hosts, elastic IP addresses (EIPs), EIPs of NAT gateways, EIPs of Global Accelerator (GA) instances, and EIPs associated with high-availability virtual IP addresses (HAVIPs).
You can enable automatic protection for new assets to minimize exposure of the new assets.
Cloud Firewall can deeply work with services such as Simple Log Service, CloudMonitor, Resource Access Management (RAM), Cloud Config, and Resource Management to implement integrated and native log audit and permission management in the cloud.
Multi-account management
Cloud Firewall provides the multi-account management feature free of charge.
If your cloud resources are distributed across multiple accounts, you do not need to purchase, deploy, operate, or maintain multiple Cloud Firewall. You need to only purchase Cloud Firewall by using an Alibaba Cloud account and use the multi-account management feature to manage the resources within all accounts.
You can use the management account to manage multiple members in a resource directory in a centralized manner. You can use multiple capabilities on Internet-facing assets, NAT gateways, and VPCs to simplify O&M for your enterprise and improve O&M efficiency. For example, you can enable firewalls, and use the traffic analysis, intrusion prevention, access control, log audit, and weekly report capabilities.