Problem description

After you enable a firewall, the following issues may occur:

  • You cannot log on to your server.
  • You cannot access the services that run on your server.
  • Your server cannot connect to the Internet.

Troubleshooting for the Internet firewall

  1. Check whether the Internet firewall is enabled for your asset.

    After you enable the Internet firewall, traffic can pass through Cloud Firewall. For more information about how to enable the Internet firewall, see Enable or disable the Internet firewall.

    Note: If the Internet firewall is not enabled for your asset, traffic does not pass through Cloud Firewall. In this case, you must check whether other issues such as network connection failures occur.
  2. Check whether traffic logs are generated on the Traffic Logs tab.
    • If no traffic logs are found, the traffic is discarded before it reaches the Internet firewall.
    • If traffic logs are found and the action is Discard, the traffic is discarded by the Internet firewall. In this case, you can find the relevant event on the Event Logs tab and confirm the module that performs the Discard action based on the information in the Module column.
      • If the Discard action is performed by the Access Control module, the traffic is discarded based on the access control policies that you configure. We recommend that you check the access control policies and modify them based on your business requirements.
      • If the Discard action is performed by the Basic Protection, Virtual Patches, or Threat Intelligence module, the traffic is discarded based on the intrusion prevention policies that you configure. In this case, you can choose Intrusion Prevention > Intrusion Prevention in the left-side navigation pane to disable the intrusion prevention policies.
    • If traffic logs are found and the action is Allow or Monitor, the traffic is not discarded by the Internet firewall. You must check security groups.
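
The log checks in step 2, written out as an added example (not part of the original documentation and not Alibaba Cloud code): it matches one flow against exported Traffic Logs and Event Logs rows and returns the next thing to check. The field names (src_ip, dst_ip, dst_port, proto, action, module), the verdict strings and the sample rows are assumptions constructed for illustration; only the action and module values come from the page.

```python
"""Triage one unreachable flow from exported firewall logs (constructed data)."""

ACL_MODULES = {"Access Control"}
IPS_MODULES = {"Basic Protection", "Virtual Patches", "Threat Intelligence"}


def flow_key(rec):
    # Assumed field names; the source port is left out because it changes per connection.
    return (rec["src_ip"], rec["dst_ip"], rec["dst_port"], rec["proto"])


def triage(flow, traffic_logs, event_logs):
    """Return (verdict, modules) for `flow`, following step 2 of the procedure."""
    key = flow_key(flow)
    actions = {r["action"] for r in traffic_logs if flow_key(r) == key}
    if not actions:
        # No traffic log: the traffic never reached the Internet firewall.
        return "discarded_before_internet_firewall", []
    if "Discard" not in actions:
        # Only Allow or Monitor entries: the firewall passed the traffic.
        return "check_security_groups", []
    # The traffic log shows a Discard; the event log names the module.
    modules = sorted({e["module"] for e in event_logs if flow_key(e) == key})
    found = set(modules)
    if not found:
        return "discard_without_matching_event", []
    if found - ACL_MODULES - IPS_MODULES:
        return "unrecognized_module", modules
    if found <= ACL_MODULES:
        return "review_access_control_policies", modules
    if found <= IPS_MODULES:
        return "review_intrusion_prevention_policies", modules
    return "review_access_control_and_intrusion_prevention", modules


# Constructed sample rows, not real Cloud Firewall output.
SSH = {"src_ip": "198.51.100.7", "dst_ip": "203.0.113.10", "dst_port": 22, "proto": "tcp"}
WEB = {**SSH, "dst_port": 443}
DB = {**SSH, "dst_port": 3306}
TRAFFIC_LOGS = [{**SSH, "action": "Discard"}, {**WEB, "action": "Monitor"}]
EVENT_LOGS = [{**SSH, "module": "Threat Intelligence"}]

if __name__ == "__main__":
    for name, flow in (("ssh", SSH), ("web", WEB), ("db", DB)):
        print(name, triage(flow, TRAFFIC_LOGS, EVENT_LOGS))
```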

Troubleshooting for security groups

Log on to the ECS console. In the left-side navigation pane, choose Instances & Images > Instances. On the page that appears, click the name of the Elastic Compute Service (ECS) instance on which the network connection failure occurs. On the Security Groups tab, make sure that the value in the Action column of the required security group rule is Allow.

If the issue persists after you perform the preceding troubleshooting operations, submit a ticket.