Cloud Firewall is the infrastructure that you can deploy to ensure network security for your workloads migrated to Alibaba Cloud. Cloud Firewall provides core features such as network-wide traffic identification, centralized policy management, intrusion detection, and log-related features.

Cloud Firewall controls the traffic from the Internet to your Elastic Compute Service (ECS) instances, the traffic from ECS instances to the Internet, and the traffic between ECS instances.

Access control on the Internet firewall

Cloud Firewall controls inbound and outbound Internet traffic, and intercepts attacks and threats from the Internet. The attacks and threats include intrusions, mining activities, and malicious traffic.

Access control on internal firewalls

Cloud Firewall controls the traffic between ECS instances in an internal network and isolates workloads. This way, risks on a specific ECS instance do not pose security threats to other workloads in the cloud.

Access control on VPC firewalls

Cloud Firewall controls the traffic between virtual private clouds (VPCs).

Intrusion prevention

Cloud Firewall detects and analyzes outbound connections of cloud assets, Internet access traffic, and traffic between ECS instances in an internal network. This helps you monitor the network traffic in real time, determine which cloud assets are at risk, and stop abnormal activities in real time to prevent risks.

Traffic visualization

Cloud Firewall displays asset information and access relationships to help you identify unusual traffic in real time.

Classified protection compliance

Cloud Firewall stores the logs of cloud assets. This helps websites meet the requirements of classified protection.
Note Cloud Firewall Premium Edition can store logs for up to 180 days. Cloud Firewall Enterprise Edition and Ultimate Edition can store logs for 7 to 360 days.