Cloud Firewall is a cloud security solution that provides firewalls as a service. It manages both north-south and east-west traffic and provides features, such as traffic monitoring, precise access control, and real-time intrusion prevention, to deliver protection at the network boundaries. This topic describes Cloud Firewall features and the Cloud Firewall editions that support the features.

Cloud Firewall features

The following table describes Cloud Firewall features and the Cloud Firewall editions that support the features. For more information about the subscription billing method of Cloud Firewall, see Billing.

  • Tick (√): The feature is supported by the edition.
  • Cross (×): The feature is not supported by the edition.
  Only the × marks are preserved in the Editions column below; the √ marks are missing and the edition each × belongs to cannot be determined from the marks alone.

Scenario | Feature | Description | Editions (Free, Premium, Enterprise, Ultimate, Pay-as-you-go) | Reference
Access traffic analysis and attack detection of on-cloud networks | Overview | Shows which defense features are enabled or disabled, together with statistics on access traffic and detected security risks from the last seven days. | × | Overview
Access control | Internet Firewall | Supports domain name-based access control for outbound connections and two-way (inbound and outbound) access control over north-south IPv4 traffic. | × × | Create access control policies for outbound and inbound traffic on the Internet firewall
Access control | VPC Firewall | Controls traffic between virtual private clouds (VPCs). | × × × | Create an access control policy for a VPC firewall
Access control | Internal Firewall | Controls east-west traffic between your Elastic Compute Service (ECS) instances on an internal network. | × × × | Access control on an internal firewall between ECS instances
Access control | Policy Assistant | Checks for ECS security group rules whose risk level is High and suggests how to modify them, so that security groups can be used more securely and efficiently. | × | Check security group rules
Network traffic analysis | Outbound Connections | Monitors outbound connections of cloud assets in real time. | × × | Outbound connections
Network traffic analysis | Internet Access | Collects and analyzes statistics on the access traffic of on-cloud networks. | × × | Internet access
Network traffic analysis | VPC Access | Monitors traffic between VPCs in real time, so that you can obtain VPC traffic data as it changes and identify and handle suspicious traffic as early as possible. | × × × | VPC access
Network traffic analysis | All Access Activities | Lets you query traffic that passes through Cloud Firewall by condition. | × × | All access activities
Attack prevention | Vulnerability Prevention | Detects, in real time, vulnerabilities that attacks can exploit and defends against them. | × | Vulnerability protection
Attack prevention | Breach Awareness | Provides details about intrusion events detected by the intrusion prevention system (IPS) and the solutions for handling them. | × | Breach awareness
Attack prevention | Intrusion Prevention | Provides details about the protection applied to traffic between VPCs, inbound Internet traffic, and outbound Internet traffic. | × | Intrusion prevention
Attack prevention | Prevention Configuration | Provides the built-in threat detection engine, which delivers the capabilities listed below. | × | Prevention configuration
  • Intelligently detects and blocks intrusions in real time, and analyzes the network traffic blocked by Cloud Firewall and the IPS.
  • Synchronizes all malicious IP addresses detected across Alibaba Cloud and defends against potential threats such as malicious visitors, scanners, and command-and-control servers.
  • Integrates the intrusion prevention policies used for attack and defense on Alibaba Cloud to ensure high accuracy in threat detection.
  • Supports installation-free virtual patches for business systems, which precisely defend against common vulnerabilities.
  Notice: Cloud Firewall Pay-as-you-go Edition does not show the details of existing intrusion prevention rules and does not support the creation of custom intrusion prevention rules.
Log management | Log Audit | Provides log audit and behavior backtracking through the logs listed below. | × × | Log audit
  • Event logs of the Internet firewall and VPC firewalls.
  • Traffic logs of the traffic that passes through Cloud Firewall. If a threat occurs, you can use the traffic logs to analyze the traffic, identify its source, and check whether the configured access control policies are in effect.
  • System operation logs that record all configurations and operations performed on Cloud Firewall.
Log management | Log Analysis | Automatically collects, stores, and analyzes inbound and outbound traffic logs in real time, and supports real-time monitoring and alerting on specific metrics so that exceptions in critical business can be handled promptly. The log storage duration can be set from 7 to 365 days. | × × | Enable the log analysis feature
Common tools for network traffic detection | Toolbox | Backs up and rolls back access control policies of the Internet firewall and VPC firewalls. | × × × | Back up and roll back an access control policy
Common tools for network traffic detection | Toolbox | Supports packet capture, which helps you troubleshoot network failures and analyze attacks. | × × × | Create a packet capture task
Common tools for network traffic detection | Toolbox | Supports strict mode of the Internet firewall. When strict mode is enabled, the Internet firewall blocks traffic that matches an access control policy but whose application type is identified as Unknown. | × × × | Strict mode of the Internet firewall
Common tools for network traffic detection | Toolbox | Checks whether the requirements of classified protection (MLPS) are met. | × | None
Business visualization | Custom Groups | Lets you create custom groups that map the applications of your cloud assets to application groups or business groups. | × × | Custom groups
Centralized account management | Central Account Management | Lets you add Alibaba Cloud accounts as members so that you can manage the resources of those accounts centrally. | × × × × | Use centralized account management
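Two rows above describe checks a practitioner actually has to carry out: the Log Audit row says traffic logs let you verify that configured access control policies are in effect, and the strict-mode row says traffic that matches a policy but whose application type is identified as Unknown is blocked once strict mode is on. The Python script below is an added example and not Cloud Firewall code, its API, or its log format. It models a prioritized outbound policy set (the Policy fields, the key=value log lines, the default-allow fallback when nothing matches, and the reading of strict mode as "a policy that names an application denies Unknown traffic instead of being skipped" are all assumptions), parses a few constructed log records, and reports every record whose logged action disagrees with the action the policy set should have produced.

```python
"""Check traffic-log records against an access-control policy set, with strict mode.

Added example, not Cloud Firewall code: the Policy fields, the log format, the
default-allow fallback and the strict-mode reading are all assumptions.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Policy:
    priority: int            # lower number is evaluated first
    direction: str           # "out" (outbound) or "in" (inbound)
    dst: str                 # CIDR, or a domain / "*.suffix" wildcard
    dst_port: Optional[int]  # None means any port
    app: str                 # "ANY" or an identified application such as "HTTPS"
    action: str              # "allow" or "deny"


# Hypothetical policy set for outbound (north-south) traffic.
POLICIES = [
    Policy(1, "out", "*.update.example.com", 443, "HTTPS", "allow"),
    Policy(2, "out", "198.51.100.0/24", None, "ANY", "deny"),   # known-bad range
    Policy(3, "out", "0.0.0.0/0", 443, "HTTPS", "allow"),
    Policy(4, "out", "0.0.0.0/0", 22, "ANY", "deny"),
]

# Constructed traffic-log lines (key=value fields); not a real Cloud Firewall log format.
SAMPLE_LOG = [
    "direction=out src_ip=10.0.1.5 dst_ip=203.0.113.10 domain=pkg.update.example.com dst_port=443 app=HTTPS action=allow",
    "direction=out src_ip=10.0.1.6 dst_ip=198.51.100.7 domain=- dst_port=443 app=HTTPS action=allow",
    "direction=out src_ip=10.0.1.7 dst_ip=203.0.113.99 domain=- dst_port=443 app=Unknown action=allow",
    "direction=out src_ip=10.0.1.8 dst_ip=203.0.113.50 domain=- dst_port=22 app=SSH action=deny",
]


def parse_log_line(line: str) -> dict:
    """Split one key=value log line into a record; dst_port becomes an int."""
    rec = dict(field.split("=", 1) for field in line.split())
    rec["dst_port"] = int(rec["dst_port"])
    return rec


def dst_matches(policy: Policy, rec: dict) -> bool:
    """CIDR targets match on dst_ip; anything else is treated as a domain target."""
    try:
        net = ip_network(policy.dst, strict=False)
    except ValueError:
        domain = rec["domain"]
        if policy.dst.startswith("*."):
            return domain.endswith(policy.dst[1:])
        return domain == policy.dst
    return ip_address(rec["dst_ip"]) in net


def evaluate(policies, rec, strict_mode=False) -> Tuple[str, Optional[int], str]:
    """Return (action, matched policy priority, reason) for one flow record."""
    for p in sorted(policies, key=lambda p: p.priority):
        if p.direction != rec["direction"] or not dst_matches(p, rec):
            continue
        if p.dst_port is not None and p.dst_port != rec["dst_port"]:
            continue
        if p.app != "ANY":
            if rec["app"] == "Unknown":
                # Modeled strict-mode semantics: the flow matched a policy that names
                # an application, but the application could not be identified.
                if strict_mode:
                    return "deny", p.priority, "strict mode: application Unknown"
                continue  # non-strict: the application-specific policy is skipped
            if p.app != rec["app"]:
                continue
        return p.action, p.priority, "matched"
    return "allow", None, "default (assumed allow when no policy matches)"


def audit(policies, records, strict_mode=False) -> List[dict]:
    """Flag records whose logged action differs from what the policy set should produce."""
    findings = []
    for rec in records:
        expected, prio, reason = evaluate(policies, rec, strict_mode)
        if expected != rec["action"]:
            findings.append({"dst_ip": rec["dst_ip"], "dst_port": rec["dst_port"],
                             "logged": rec["action"], "expected": expected,
                             "policy": prio, "reason": reason})
    return findings


SAMPLE_RECORDS = [parse_log_line(line) for line in SAMPLE_LOG]

if __name__ == "__main__":
    for strict in (False, True):
        print(f"strict_mode={strict}")
        for finding in audit(POLICIES, SAMPLE_RECORDS, strict):
            print("  ", finding)
```

In non-strict mode the audit flags one record: the connection to 198.51.100.7 was logged as allowed although the deny policy for that range should have caught it, which is exactly the "is the policy in effect" question the Log Audit row raises. In strict mode the Unknown-application connection to 203.0.113.99 is flagged as well, because the HTTPS policy that matched on destination and port is no longer skipped but turns into a deny; the same record passes under the non-strict fallback, which is the fail-open behaviour strict mode exists to remove.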