Cloud Firewall is the infrastructure that you can deploy to ensure network security for your workloads migrated to Alibaba Cloud. Cloud Firewall provides core features such as network-wide traffic identification, centralized policy management, intrusion detection, and log-related features.
Cloud Firewall controls the traffic from the Internet to your Elastic Compute Service (ECS) instances, the traffic from ECS instances to the Internet, and the traffic between ECS instances.
Access control on the Internet firewall
Cloud Firewall controls inbound and outbound Internet traffic, and intercepts attacks and threats from the Internet. The attacks and threats include intrusions, mining activities, and malicious traffic.
Access control on internal firewalls
Cloud Firewall controls the traffic between ECS instances in an internal network and isolates workloads. This way, risks on a specific ECS instance do not pose security threats to other workloads in the cloud.
Access control on VPC firewalls
Cloud Firewall controls the traffic between virtual private clouds (VPCs).
Cloud Firewall detects and analyzes outbound connections of cloud assets, Internet access traffic, and traffic between ECS instances in an internal network. This helps you monitor the network traffic in real time, determine which cloud assets are at risk, and stop abnormal activities in real time to prevent risks.
Cloud Firewall displays asset information and access relationships to help you identify unusual traffic in real time.