This topic provides information about some frequently asked questions about Cloud Firewall.
- Features supported by Cloud Firewall
- Protection scope of Cloud Firewall
- Can Cloud Firewall protect L2 EIPs?
- Is Cloud Firewall applicable to the classic network?
- Can Cloud Firewall protect Internet-facing SLB instances?
- Can Cloud Firewall protect traffic on Express Connect or CEN?
- Can Cloud Firewall protect traffic that is destined for a VPC over a VPN gateway?
- Which types of traffic consume the purchased bandwidth of Cloud Firewall?
- Relationship between Cloud Firewall and other Alibaba Cloud services
- What is the relationship between Cloud Firewall and other cloud services in the Alibaba Cloud architecture?
- What types of assets does Cloud Firewall protect when I use multiple security services such as Cloud Firewall, Anti-DDoS Pro and Anti-DDoS Premium, and WAF?
- What types of assets does Cloud Firewall protect when I use Cloud Firewall together with CDN?
- Can I use Cloud Firewall together with OSS and RDS?
- How does service traffic flow when I use Anti-DDoS Pro and Anti-DDoS Premium, WAF, Cloud Firewall, SLB, ALB, and ECS together?
FAQ about enabling and disabling firewalls
Virtual private cloud (VPC) firewalls
FAQ about access control policies
- Can I increase the default quota for access control policies?
- Can I increase the maximum traffic between VPCs that can be protected?
- I configured an outbound access control policy whose Application is set to HTTP or HTTPS for a domain name. How do I check whether the policy is valid?
- Why is an error returned after I apply the default Allow policies to a security group?
- What are the differences between common policy groups and enterprise policy groups?
- How do I troubleshoot the error that is returned after I click Apply to allow the traffic of a security group?
- When I apply the default Allow policies, the system prompts a conflict that cannot be resolved. How do I troubleshoot the error?
- Why is the One-click Apply icon unavailable? How do I troubleshoot the error?
- What are the differences between internal firewalls and security groups?
- How do I eliminate false positives for suspicious outbound connections caused by Internet-based scans?
- I configured an outbound Deny access control policy whose Source is set to 0.0.0.0/0 for the Internet firewall, but some traffic is still allowed because no policy is matched. Why?
- How do I configure access control policies to allow the access from the web pages that use the xyz.com domain name only to the web pages that use the abc.xyz.com domain name?
FAQ about network traffic analysis
Traffic from unknown applications accounts for a large proportion in traffic analysis. Does this occur because Cloud Firewall cannot identify the types of applications that generate traffic from the Internet?
FAQ about log analysis
- How do I reduce the storage that is occupied by logs?
- Can I export the traffic logs of Cloud Firewall to a third-party system?
- How do I view the remaining log storage of Cloud Firewall?
- Why is the log storage capacity not displayed in the Cloud Firewall console?
- Why are traffic logs of ICMP detection periodically sent by Cloud Firewall?
- Why do traffic logs record traffic whose application type is Unknown?