Cloud Firewall of Alibaba Cloud is a cloud security solution that provides firewalls as a service. Cloud Firewall implements centralized security isolation and traffic control for your cloud assets at the Internet, virtual private cloud (VPC), and host boundaries. Cloud Firewall is the first line of defense to protect your services in Alibaba Cloud.

Protection scope of Cloud Firewall

Cloud Firewall can protect the following cloud assets or traffic:
  • Internet traffic: traffic of public IP addresses of Elastic Compute Service (ECS) instances, elastic IP addresses (EIPs) of Server Load Balancer (SLB) instances, High-Availability Virtual IP Addresses (HAVIPs), EIPs, EIPs of ECS instances, EIPs of Elastic Network Interfaces (ENIs), some public IP addresses of Server Load Balancer (SLB) instances, and EIPs of network address translation (NAT) gateways.
  • Traffic between VPCs: traffic between VPCs that are connected by using a CEN or Express Connect
  • Traffic between VPCs and data centers: The VPCs and data centers are connected by using virtual border routers (VBRs).


Cloud Firewall complies with the following standards: ISO 9001, ISO 20000, ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 29151, ISO 27701, BS 10012, Cloud Security Alliance (CSA) Security, Trust and Assurance Registry (STAR), and Payment Card Industry (PCI) Data Security Standards (DSS).

Contact us

If you have any questions about the features, prices, and specifications of Cloud Firewall or if you want to apply for the trial use of Cloud Firewall, join the DingTalk group numbered 33081734 to obtain support from Cloud Firewall security experts.