Problem description

After you enable a firewall, the following issues may occur:

  • You cannot log on to your server.
  • You cannot access the services that run on your server.
  • Your server cannot connect to the Internet.

Troubleshooting for the Internet firewall

  1. Check whether the Internet firewall is enabled for your asset.

    After you enable the Internet firewall, traffic can pass through Cloud Firewall. For more information about how to enable the Internet firewall, see Enable or disable Internet Firewall.

    Note: If the Internet firewall is not enabled for your assets, traffic does not pass through Cloud Firewall. In this case, check for other issues, such as network connection failures.
  2. Check whether traffic logs are generated on the Traffic Logs tab.
    • If no traffic logs are found, the traffic is discarded before it reaches the Internet firewall.
    • If traffic logs are found and the action is Discard, the traffic is discarded. In this case, you can find the relevant event on the Event Logs tab and confirm the module that performs the Discard action based on the information in the Module column.
      • If the Discard action is performed by the Access Control module, the traffic is blocked based on the access control policies that you configure. We recommend that you check the access control policies and modify them based on your business requirements.
      • If the Discard action is performed by the Basic Protection, Virtual Patches, or Threat Intelligence module, the traffic is blocked based on the intrusion prevention policies that you configure. In this case, you can choose Intrusion Prevention > Intrusion Prevention in the left-side navigation pane to disable the intrusion prevention policies.
    • If traffic logs are found and the action is Allow or Monitor, the traffic is not discarded by the Internet firewall. In this case, check whether the security group rules are causing the issue.
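
The decision flow in step 2, written as a triage function over log records. This is an added example, not Alibaba Cloud code; the record fields, verdict labels, and sample data are constructed for illustration and are not an actual export format.

```python
from collections import namedtuple

# Constructed record shape: field names are assumptions, not an export format.
Rec = namedtuple("Rec", "src dst port action module", defaults=(None,))

ACL = {"Access Control"}
IPS = {"Basic Protection", "Virtual Patches", "Threat Intelligence"}

def triage(flow, traffic_logs, event_logs):
    """Map one (src, dst, port) flow to the troubleshooting branch in step 2."""
    hits = [r for r in traffic_logs if (r.src, r.dst, r.port) == flow]
    if not hits:
        # No traffic log: discarded before it reached the Internet firewall.
        return "dropped-before-firewall", set()
    if not any(r.action == "Discard" for r in hits):
        # Only Allow/Monitor entries: the Internet firewall did not block it.
        return "check-security-groups", set()
    # A Discard was logged: find the acting module in the matching events.
    modules = {e.module for e in event_logs
               if (e.src, e.dst, e.port) == flow and e.action == "Discard"}
    if modules & ACL and modules & IPS:
        return "blocked-by-both", modules
    if modules & ACL:
        return "blocked-by-access-control", modules
    if modules & IPS:
        return "blocked-by-intrusion-prevention", modules
    return "discard-without-matching-event", modules

# Constructed sample data (documentation-range IP addresses).
TRAFFIC = [
    Rec("198.51.100.7", "203.0.113.10", 22, "Discard"),
    Rec("198.51.100.7", "203.0.113.10", 443, "Allow"),
    Rec("198.51.100.9", "203.0.113.10", 80, "Discard"),
    Rec("198.51.100.9", "203.0.113.10", 80, "Monitor"),
]
EVENTS = [
    Rec("198.51.100.7", "203.0.113.10", 22, "Discard", "Access Control"),
    Rec("198.51.100.9", "203.0.113.10", 80, "Discard", "Virtual Patches"),
]

if __name__ == "__main__":
    for port in (22, 443, 80, 3389):
        src = "198.51.100.9" if port == 80 else "198.51.100.7"
        flow = (src, "203.0.113.10", port)
        print(flow, "->", triage(flow, TRAFFIC, EVENTS))
```

A flow with both Monitor and Discard entries is treated as blocked, because any Discard entry means at least some of its traffic was dropped.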

Troubleshooting for security groups

Log on to the ECS console and click the name of the Elastic Compute Service (ECS) instance on which the network connection failure occurs. On the page that appears, click the Security Groups tab and check whether the Action column of the rules in the security groups displays Allow.

If the issue still exists, submit a ticket.