Cloud Firewall is the primary infrastructure that you can deploy to ensure network security for your business migrated to Alibaba Cloud. Cloud Firewall provides core functions such as network-wide traffic identification, centralized policy management, intrusion detection, and log auditing.

Cloud Firewall controls the traffic from the Internet to your ECS instances, the traffic from ECS instances to the Internet, and the traffic between ECS instances.

Access control on the Internet firewall

Controls inbound and outbound traffic on the Internet, and intercepts attacks and threats from the Internet, such as hacker intrusions, mining activities, and malicious traffic.

Access control on internal firewalls

Controls the traffic between ECS instances on an internal network and isolates business, so that risks on a specific ECS instance do not pose security threats to the business on the cloud.

Access control on VPC firewalls

Controls the traffic between VPCs.

Intrusion prevention

Detects and analyzes outbound connections of cloud assets, Internet access traffic, and traffic between ECS instances on an internal network. This helps you monitor the network traffic in real time, determine which cloud assets are at risk, and stop abnormal activities in real time to prevent risks.

Traffic visualization

Presents asset information and access relationships to help you identify suspicious traffic in real time.

Classified protection compliance

Stores the logs of more than six months of cloud assets, which helps websites meet classified protection compliance requirements.