Cloud Firewall:FAQ about Cloud Firewall

Pre-sales FAQ

FAQ about enabling and disabling firewalls

• Why am I unable to activate Cloud Firewall for my account?

• Internet firewall

  • What are the impacts of enabling the Internet firewall?

  • What is the purpose of the Internet firewall?

  • Can the Internet firewall protect IPv6 addresses?

  • Is network traffic affected after I enable the Internet firewall?

  • What are the impacts of enabling the Internet firewall?

  • When I enable the Internet firewall, SLB instance-related network restriction prompts are displayed. Why?

  • Why are my public IP addresses not displayed after I perform asset synchronization in Cloud Firewall Free Edition?

  • How does Cloud Firewall match outbound traffic against access control policies of the Internet firewall, a NAT firewall, and a DNS firewall?

  • How do I efficiently enable and configure access control policies for the Internet firewall?

• NAT firewalls

  • What are the impacts of enabling a NAT firewall?

  • Why does Cloud Firewall create a route table and add the static route 0.0.0.0/0 to the route table after I enable a NAT firewall?

  • How does Cloud Firewall match outbound traffic against access control policies of the Internet firewall, a NAT firewall, and a DNS firewall?

• Virtual private cloud (VPC) firewalls

  • What are the impacts of enabling a VPC firewall?

  • Are the security group rules in ECS affected after VPC Firewall is enabled?

  • Why am I prompted that unauthorized network instances exist when I create a VPC firewall?

  • I have enabled a VPC firewall for a Basic Edition transit router. Why is a routing policy whose Routing Policy Action is set to Deny added to the route table of the transit router?

FAQ about access control policies

• FAQ about features

  • If I enable both WAF in transparent proxy mode and the Internet firewall, can traffic over forwarding ports be controlled by access control policies of Cloud Firewall?

  • Can I increase the default quota for access control policies?

  • Can I increase the protected VPC traffic bandwidth?

  • Can Cloud Firewall block traffic of IPv6 CIDR blocks?

  • What are the differences between Cloud Firewall and security groups?

  • What are the differences between common policy groups and enterprise policy groups?

• FAQ about operations

  • I configured an outbound access control policy whose application type is HTTP or HTTPS for a domain name. How do I check whether the policy is valid?

  • How do I troubleshoot the error that is returned after I apply the default Allow policies to a security group?

  • When I apply the default Allow policies, the system prompts that a conflict cannot be resolved. How do I troubleshoot the error?

  • Why is the Quick Apply icon unavailable? How do I troubleshoot the error?

  • How do I eliminate false positives for suspicious outbound connections that are caused by Internet-based scans?

  • I configured an outbound Deny access control policy whose Source is set to 0.0.0.0/0 for the Internet firewall. However, some traffic is still allowed because no policy is matched. Why?

  • How do I configure access control policies to allow access only to a specified subdomain name of a secondary domain name?

  • How do I use Cloud Firewall to strengthen access control on the domain names of a bastion host?

FAQ about network traffic analysis

• Traffic from unknown applications accounts for a large proportion in traffic analysis. Does this occur because Cloud Firewall cannot identify the types of applications that generate traffic from the Internet?

• When I view the results of all access activities, the system displays a large proportion of traffic from unknown ISPs. Why?

• Intelligence tags are displayed on the Outbound Connection page. What are the meanings of the tags?

• How do I troubleshoot network connection failures?

• What are the priorities of rules that are used by Cloud Firewall to protect traffic?

• What do I do if the volume of my business traffic exceeds the purchased bandwidth of Cloud Firewall?

FAQ about log analysis

• Why is the total number of Cloud Firewall logs different from the total number of Anti-DDoS Proxy logs or WAF logs?

• How do I reduce the storage occupied by logs?

• Can I export traffic logs of Cloud Firewall to a third-party system?

• How do I view the remaining log storage of Cloud Firewall?

• Why are traffic logs of ICMP detection periodically sent by Cloud Firewall?

• Why do traffic logs record traffic whose application type is Unknown?

• Is log analysis data retained after I release Cloud Firewall?

• Can I directly export log audit records?

• Why is the total number of Cloud Firewall logs different from the total number of Anti-DDoS Proxy logs or WAF logs?