Dear Alibaba Cloud users,
To improve the recognition rate of traffic applications for access control policies that are configured on virtual private cloud (VPC) firewalls, Cloud Firewall optimized the Deep Packet Inspection (DPI) engine by updating the VPC Firewall feature. The update started from February 2, 2023.
Update schedule
February 20, 2023 to April 30, 2023: Update the VPC Firewall feature.
Impacts
After the update, traffic applications that previously cannot be identified can be identified. As a result, the following changes may occur:
Before the update, if traffic matches an access control policy in a non-strict mode but the application type or domain name is identified as Unknown, the traffic is allowed. After the update, the traffic is matched against other access control policies.
Before the update, if traffic matches an access control policy in the strict mode but the application type is identified as Unknown, the traffic is matched against other access control policies. After the update, the application type can be identified, and the traffic may match the first access control policy.
Suggestions
If you enabled VPC firewalls and configured access control policies, go to the Traffic Logs page and view the applications that are recently identified, the traffic hits of access control policies, and the impacts on your business.
If you want to troubleshoot issues, join the DingTalk group 33081734 to obtain technical support on Cloud Firewall.