Dear Alibaba Cloud users,
To improve the application recognition rate of access control policies that are configured for NAT firewalls, Cloud Firewall optimizes the Deep Packet Inspection (DPI) engine for access control policies by updating the NAT Firewall feature. The update starts on March 5, 2024.
Update schedule
March 5, 2024 to May 15, 2024
Impacts
Cloud Firewall optimizes the recognition mechanism for traffic over the MySQL, MQTT, and MongoDB protocols.
After the update, the recognition rate of MySQL, MQTT, and MongoDB applications is improved. The recognition results for some traffic may change. If you have configured an access control policy, the traffic hit results of the policy may also change.
Suggestions
If you enabled NAT firewalls and configured access control policies, go to the Traffic Logs page to view the applications that are recently identified, the traffic hits of access control policies, and the impacts on your business.
If access errors occur, we recommend that you modify the access control policies. For example, if traffic was allowed before the update but is denied after the update, you can add an access control policy to allow the traffic and specify a higher priority for the new policy.
If you have other questions, you can submit a ticket to obtain technical support.