Before you purchase Cloud Firewall, you must select a Cloud Firewall edition based on your business requirements, the features supported by different Cloud Firewall editions, and costs. Therefore, you must understand the features supported by different Cloud Firewall editions.
Cloud Firewall features
The following table describes the features supported by different Cloud Firewall editions.
: The feature is not supported by the edition.
: The feature is supported by the edition.
Cloud Firewall that uses the pay-as-you-go billing method
The feature protects traffic between the Internet and your public IP addresses, including IPv4 addresses and IPv6 addresses.
Cloud Firewall that uses the pay-as-you-go billing method supports only public IPv4 addresses.
The feature protects traffic between virtual private clouds (VPCs) and traffic between a VPC and a data center.
The feature protects traffic that originates from private IP addresses and is destined for the Internet.
The feature displays the traffic topologies of cloud assets that are protected by Cloud Firewall.
The feature provides an overview of defense features that are supported by Cloud Firewall and displays statistics about access traffic and detected risks within the previous seven days.
Cloud Firewall that uses the pay-as-you-go billing method does not support the display of traffic statistics.
The feature supports two-way access control on the north-south traffic of Internet-facing assets. This effectively prevents attacks and intrusions, and strictly controls the traffic of outbound connections.
The feature supports access control on traffic between VPCs and traffic between a VPC and a data center. The feature blocks unauthorized traffic and allows trusted traffic.
The feature supports two-way access control on the east-west traffic of Elastic Compute Service (ECS) instances. The feature blocks unauthorized access between ECS instances.
The feature detects vulnerable rules in ECS security groups and provides suggestions to handle the rules. This way, you can use security groups in a more secure and efficient manner.
The feature monitors outbound connections of cloud assets in real time.
The feature collects statistics about cloud assets that are protected by Cloud Firewall, and provides visualized analysis reports. The statistics include IP addresses, ports, and applications that are exposed on the Internet.
The feature monitors traffic between connected VPCs in real time. This helps you dynamically obtain VPC traffic data and identify and handle unusual traffic at the earliest opportunity.
The feature provides the built-in threat detection engine and allows you to configure prevention rules. This helps you detect and block intrusions in a more accurate manner.
The feature displays the data of intrusion prevention, vulnerability prevention, and breach awareness in real time. You can view the details of attack prevention and solutions to intrusions that are detected by the threat detection engine in real time.
Implementation of the threat detection engine
The feature supports log audit for event tracing and troubleshooting. By default, the feature retains logs for seven days.
Supported log types
The feature automatically collects, stores, and analyzes logs on inbound and outbound traffic in real time and supports real-time monitoring and alerting based on specific metrics. This ensures timely responses to exceptions that occur in critical workloads. The logs can be stored for 7 to 365 days.
The feature allows you to create custom groups to build relationships between the applications of your cloud assets and application groups or business groups.
The feature provides information and access relationships of your cloud assets.
The feature supports centralized management of multiple accounts. You can share resources and protect access across multiple accounts.
Asset exception notification
The feature allows you to receive notifications for exceptions that are detected by Cloud Firewall by text message or email at the earliest opportunity. The exceptions include unusual traffic, compromised hosts, suspicious outbound connections, vulnerabilities, unprotected public IP addresses, and disabled intrusion prevention.
For more information about the features of Cloud Firewall, see Pre-sales FAQ.
For more information about the subscription billing method of Cloud Firewall Premium Edition, Enterprise Edition, and Ultimate Edition, see Subscription.
For more information about the pay-as-you-go billing method of Cloud Firewall, see Pay-as-you-go.
For more information about how to purchase Cloud Firewall, see Purchase Cloud Firewall.