Cloud Firewall provides intelligent ACL policies for Internet access and external
connections. These policies isolate high-risk services for inbound traffic, prevent
the spread of worm viruses in outbound traffic, and defend your networks and hosts
against security threats.
Isolate high-risk services
Intelligent policies provide you with optimal ACL policies based on security threats detected in Internet
access traffic. For example, if high-risk services, such as SSH and RDP, are enabled
for IP addresses exposed to the Internet, the recommended policies only allow Internet
requests sent by hosts that exhibits normal logon status and from common source locations.
This reduces risks of network attacks.
- Log on to the Cloud Firewall console.
- In the left-side navigation pane, choose .
- On the Internet Access page, click Open Public IP Addresses.
- Find the target public IP address and click Intelligent Policy in the Actions column.

The
Intelligent Policy page displays policies recommended for the public IP address, including both
Allow and
Deny policies.

- On the Intelligent Policy page, you can perform the following operations:
- Click Show to view the reason why a policy is recommended.
The following figure shows that a large number of malicious IP addresses have tried
to access the SSH service of your IP address.

- Choose . The recommended policy takes effect immediately. You can view delivered policies
by choosing .
Note Before you click Deliver Policy to deliver a recommended policy, make that you understand its content and possible
service impacts.
You can perform Modify, Delete, Insert, and Move operations on a delivered policy.
Prevent worm attacks
Worm attacks control your host by using malicious code and cause it to send requests
to the domain name of a malicious website. After Cloud Firewall detects that your
host has initiated an external connection request, a recommended policy takes effect
to prevent access to malicious domain name, downloads of malicious programs, virus-control
over the host, and attacks by using cryptocurrency mining malware.
- Log on to the Cloud Firewall console.
- In the left-side navigation pane, choose .
- On the External Connections page, click External Domains.
The page displays the external domain name list.
- Find the target external domain name and click Intelligent Policy in the Recommended Operation column.
The Intelligent Policy page displays Deny policies recommended by Cloud Firewall for an IP address based on its external connections.
- On the Intelligent Policy page, you can perform the following operations: