Cloud Firewall: Functions and features

Last Updated: Jan 05, 2024

Before you purchase Cloud Firewall, you must select an edition based on your business requirements, the features that each edition supports, and costs. This topic describes the features supported by each Cloud Firewall edition so that you can make that choice.

Cloud Firewall features

The following list describes the features supported by different Cloud Firewall editions. For each feature, the Editions line lists support in this order: Free Edition, Cloud Firewall that uses the pay-as-you-go billing method (Pay-as-you-go), Premium Edition, Enterprise Edition, and Ultimate Edition. The Reference line names the topics that describe the feature in detail.

Note
  • ✗: The feature is not supported by the edition.

  • ✓: The feature is supported by the edition.

Firewall settings

  • Internet Firewall: The feature protects traffic between the Internet and your public IP addresses, including IPv4 addresses and IPv6 addresses.

    Note: Cloud Firewall that uses the pay-as-you-go billing method supports only public IPv4 addresses.

    Editions: Free ✗ | Pay-as-you-go ✓ | Premium ✓ | Enterprise ✓ | Ultimate ✓
    Reference: Internet Firewall

  • VPC Firewall: The feature protects traffic between virtual private clouds (VPCs) and traffic between a VPC and a data center.

    Editions: Free ✗ | Pay-as-you-go ✗ | Premium ✗ | Enterprise ✓ | Ultimate ✓
    Reference: VPC Firewall

  • NAT Firewall: The feature protects traffic that originates from private IP addresses and is destined for the Internet.

    Editions: Free ✗ | Pay-as-you-go ✓ | Premium ✓ | Enterprise ✓ | Ultimate ✓
    Reference: NAT Firewall

Data overview

  • Traffic topologies: The feature displays the traffic topologies of cloud assets that are protected by Cloud Firewall.

    Editions: Free ✗ | Pay-as-you-go ✗ | Premium ✗ | Enterprise ✓ | Ultimate ✓
    Reference: Data overview

  • Defense overview: The feature provides an overview of the defense features that are supported by Cloud Firewall and displays statistics about access traffic and detected risks within the previous seven days.

    Note: Cloud Firewall that uses the pay-as-you-go billing method does not support the display of traffic statistics.

    Editions: Free ✗ | Pay-as-you-go ✓ | Premium ✓ | Enterprise ✓ | Ultimate ✓
    Reference: Data overview

Access control

  • Internet firewall policies: The feature supports two-way access control on the north-south traffic of Internet-facing assets. This effectively prevents attacks and intrusions, and strictly controls the traffic of outbound connections.

    Editions: Free ✗ | Pay-as-you-go ✓ | Premium ✓ | Enterprise ✓ | Ultimate ✓
    Reference: Create inbound and outbound access control policies for the Internet firewall

  • VPC firewall policies: The feature supports access control on traffic between VPCs and traffic between a VPC and a data center. The feature blocks unauthorized traffic and allows trusted traffic.

    Editions: Free ✗ | Pay-as-you-go ✗ | Premium ✗ | Enterprise ✓ | Ultimate ✓
    Reference: Create an access control policy for a VPC firewall

  • Internal firewall policies: The feature supports two-way access control on the east-west traffic of Elastic Compute Service (ECS) instances. The feature blocks unauthorized access between ECS instances.

    Editions: Free ✗ | Pay-as-you-go ✗ | Premium ✗ | Enterprise ✓ | Ultimate ✓
    Reference: Create an access control policy for an internal firewall between ECS instances

  • Security group rule check: The feature detects vulnerable rules in ECS security groups and provides suggestions to handle the rules. This way, you can use security groups in a more secure and efficient manner.

    Editions: Free ✓ | Pay-as-you-go ✓ | Premium ✓ | Enterprise ✓ | Ultimate ✓
    Reference: Check security group rules

Traffic analysis

  • Outbound Connection: The feature monitors outbound connections of cloud assets in real time.

    Editions: Free ✗ | Pay-as-you-go ✗ | Premium ✓ | Enterprise ✓ | Ultimate ✓
    Reference: Outbound Connection

  • Internet Exposure: The feature collects statistics about cloud assets that are protected by Cloud Firewall and provides visualized analysis reports. The statistics include IP addresses, ports, and applications that are exposed on the Internet.

    Editions: Free ✗ | Pay-as-you-go ✗ | Premium ✓ | Enterprise ✓ | Ultimate ✓
    Reference: Internet Exposure

  • VPC Access: The feature monitors traffic between connected VPCs in real time. This helps you dynamically obtain VPC traffic data and identify and handle unusual traffic at the earliest opportunity.

    Editions: Free ✗ | Pay-as-you-go ✗ | Premium ✗ | Enterprise ✓ | Ultimate ✓
    Reference: VPC Access

Intrusion prevention

  • Intrusion prevention: The feature provides the built-in threat detection engine and allows you to configure prevention rules. This helps you detect and block intrusions in a more accurate manner.

    The feature displays the data of intrusion prevention, vulnerability prevention, and breach awareness in real time. You can view the details of attack prevention and solutions to intrusions that are detected by the threat detection engine in real time.

    Implementation of the threat detection engine:

      • Threat intelligence: The feature synchronizes the threat intelligence libraries of all malicious IP addresses and domain names that are detected across Alibaba Cloud, including the IP addresses and domain names of malicious visitors, scanners, and command-and-control servers. The feature defends against potential threats and blocks attack behavior to prevent large-scale attacks.

      • Basic protection: The feature precisely intercepts common attacks, such as malicious port scanning, brute-force cracking, remote code execution, and vulnerability exploitation, based on the intrusion prevention rules that are accumulated in the attack and defense practices of Alibaba Cloud. This helps you protect assets against mining or ransomware.

      • Intelligent defense: The feature identifies unknown attacks based on AI technologies and a large amount of data about attacks and attack characteristics. The feature also improves detection of more sophisticated attacks.

      • Virtual patching: The feature supports installation-free virtual patches for business systems. The feature provides precision defense against common vulnerabilities, zero-day vulnerabilities, and N-day vulnerabilities.

      • Protection whitelist: The feature allows you to configure whitelists to allow normal traffic that may have attack characteristics. This ensures that your business can run as expected.

    Note:

      • Cloud Firewall that uses the pay-as-you-go billing method does not support the threat intelligence feature, does not provide the details of existing intrusion prevention rules, and does not support the creation of custom intrusion prevention rules.

      • Only Cloud Firewall Enterprise Edition and Ultimate Edition allow you to configure custom basic protection policies and virtual patching policies.

    Editions: Free ✗ | Pay-as-you-go ✓ | Premium ✓ | Enterprise ✓ | Ultimate ✓
    Reference: Prevention configuration, Intrusion prevention, Vulnerability prevention, Breach awareness

Log analysis

  • Log audit: The feature supports log audit for event tracing and troubleshooting. By default, the feature retains logs for seven days.

    Supported log types:

      • Event log: records the data of events on traffic that passes through Cloud Firewall and hits access control policies. You can view the following information in an event log: the time when an event occurred, threat type, source IP address, destination IP address, application type, and severity.

      • Traffic log: records the data of traffic that passes through Cloud Firewall. You can analyze the traffic and traffic source by using the log analysis feature when an event occurs, and check whether a configured access control policy takes effect.

      • Operation log: records all configurations of Cloud Firewall and the operations that are performed on Cloud Firewall, such as enabling or disabling a firewall and modifying intrusion prevention configurations.

    Editions: Free ✗ | Pay-as-you-go ✓ | Premium ✓ | Enterprise ✓ | Ultimate ✓
    Reference: Log audit

  • Log analysis: The feature automatically collects, stores, and analyzes logs on inbound and outbound traffic in real time and supports real-time monitoring and alerting based on specific metrics. This ensures timely responses to exceptions that occur in critical workloads. The logs can be stored for 7 to 365 days.

    Editions: Free ✗ | Pay-as-you-go ✗ | Premium ✓ | Enterprise ✓ | Ultimate ✓
    Reference: Enable the log analysis feature

Business visualization

  • Business visualization: The feature allows you to create custom groups to build relationships between the applications of your cloud assets and application groups or business groups. The feature also provides information and access relationships of your cloud assets.

    Editions: Free ✗ | Pay-as-you-go ✗ | Premium ✗ | Enterprise ✓ | Ultimate ✓
    Reference: Custom groups, View security groups, Visualize application groups

Multi-account management

  • Multi-account management: The feature supports centralized management of multiple accounts. You can share resources and protect access across multiple accounts.

    Editions: Free ✗ | Pay-as-you-go ✗ | Premium ✓ | Enterprise ✓ | Ultimate ✓
    Reference: Use the multi-account management feature

Asset exception notification

  • Asset exception notification: The feature allows you to receive notifications for exceptions that are detected by Cloud Firewall by text message or email at the earliest opportunity. The exceptions include unusual traffic, compromised hosts, suspicious outbound connections, vulnerabilities, unprotected public IP addresses, and disabled intrusion prevention.

    Note:

      • Cloud Firewall Free Edition supports only the Weekly Report notification item.

      • Cloud Firewall that uses the pay-as-you-go billing method supports only the following notification items: Notification of Compromised Hosts, Notification of Real-time Vulnerability Prevention, Notification of Unprotected Assets, Notification of Intrusion Events, Notification of New Internet-facing Assets, and Notification of Recommended Intelligent Policies.

    Editions: Free ✓ | Pay-as-you-go ✓ | Premium ✓ | Enterprise ✓ | Ultimate ✓
    Reference: Configure notifications

References

  • For more information about the features of Cloud Firewall, see Pre-sales FAQ.

  • For more information about the subscription billing method of Cloud Firewall Premium Edition, Enterprise Edition, and Ultimate Edition, see Subscription.

  • For more information about the pay-as-you-go billing method of Cloud Firewall, see Pay-as-you-go.

  • For more information about how to purchase Cloud Firewall, see Purchase Cloud Firewall.