Statistics of traffic from service assets to the Internet - Cloud Firewall

You can view information about the outbound connections from your assets to the Internet on the Outbound Connection page. The information includes the trace information about outbound traffic, destination addresses that are accessible on the Internet, and outbound connections of Internet-facing and internal-facing assets. This helps identify suspicious assets and ensure business security.

Prerequisites

The Internet firewall is enabled. For more information, see Internet firewall.

View the statistics of outbound connections

The Data Statistics section on the Outbound Connection page displays the statistics of usual and unusual outbound traffic of your assets. You can troubleshoot unusual traffic on the Outbound Traffic tab based on the statistics to ensure the security of outbound traffic for your assets.

Log on to the Cloud Firewall console. In the left-side navigation pane, choose Traffic Analysis > Outbound Connection.

In the upper-right corner of the Outbound Connection page, select a time range from the drop-down list. Then, you can view the information in the Data Statistics section and on the Outbound Traffic tab. The following table describes the information.

You can specify a custom time range within the previous seven days on the Outbound Traffic tab to search for statistics.

Parameter	Description	Supported operation
Outbound Domains	The number of at-risk domain names and the total number of domain names in outbound connections. The outbound connections are initiated from your assets to the domain names that are accessible on the Internet.	You can click a number below Outbound Domains in the Data Statistics section to go to the Outbound Traffic > Outbound Domains tab or click Destination IP Addresses to go to the Outbound Traffic > Outbound IP Addresses tab. You can perform the following operations on an at-risk domain name or IP address based on your business requirements to protect your assets: Configure an outbound access control policy to block outbound traffic of assets Click Configure Access Control Policy to go to the Access Control > Internet Border page. For more information, see Create inbound and outbound access control policies for the Internet firewall. View the details of an outbound domain name to determine whether traffic is required for your workloads On the Outbound Domains tab, find an outbound domain name and click Details in the Actions column. In the Outbound Domains panel, view the details of the domain name. On the Outbound Connection Initiated over EIP tab of the panel, view the information about the Elastic Compute Service (ECS) instances that initiated outbound connections. You can also click View Logs in the Actions column to go to the Traffic Logs tab of the Log Audit page. For more information, see Traffic logs. Add a domain name or an IP address to an address book for centralized management On the Outbound Domains or Outbound IP Addresses tab, find a domain name or an IP address, click the icon in the Actions column, and then click Add to Address Book. The system redirects you to the Create Address Book panel of the Address Books page. For more information, see Manage address books. Mark a domain name or an IP address as followed Find a domain name or an IP address, click the icon in the Actions column, and then click Mark as Followed. Unfollow a domain name or an IP address On the Outbound Domains or Outbound IP Addresses tab, click Followed in the upper-right corner. In the Followed panel, unfollow a destination domain name, destination IP address, public IP address, or private IP address. Add a domain name or an IP address to the whitelist On the Outbound Domains or Outbound IP Addresses tab, find a domain name or an IP address, click the icon in the Actions column, and then click Add to Whitelist to add the domain name or IP address to the whitelist. This way, Cloud Firewall no longer analyzes the domain name or IP address, and the information about the domain name or IP address is no longer displayed. You can add up to 100 domain names or IP addresses to the whitelist. The whitelist supports only exact-match domain names. If you add the wildcard domain name .example.com to the whitelist, Cloud Firewall still generates alerts for traffic from service assets to the domain name. We recommend that you add exact-match domain names to the whitelist. Remove a domain name or an IP address from the whitelist On the Outbound Domains or Outbound IP Addresses tab, click Whitelist* in the upper-right corner. In the Whitelist panel, find a domain name or an IP address and then click Remove from Whitelist in the Actions column. This way, the information about the domain name or IP address is displayed on the Outbound Connection page again. View the details of traffic logs to determine whether the traffic is required for your workloads. On the Outbound Domains or Outbound IP Addresses tab, find a domain name or an IP address, click the icon in the Actions column, and then click View Logs. The system redirects you to the Traffic Logs tab of the Log Audit page. For more information, see Traffic logs.
Outbound IP Addresses	The number of at-risk destination IP addresses and the total number of destination IP addresses in outbound connections. The outbound connections are initiated from your business to the IP addresses that are accessible on the Internet.
Outbound Public IP Addresses	The number of at-risk assets and the total number of assets in outbound connections. The outbound connections are initiated from the assets to the Internet by using the public IP addresses of the assets, such as elastic IP addresses (EIPs).	You can click Outbound Public IP Addresses in the Data Statistics section to go to the Outbound Traffic > Outbound Public IP Addresses tab or click Outbound Private IP Addresses to go to the Outbound Traffic > Outbound Private IP Addresses tab. You can perform the following operations on the tabs: Mark an IP address as followed Find an IP address and click Mark as Followed in the Actions column. Unfollow a domain name or an IP address In the upper-right corner, click Followed. In the Followed panel, unfollow a destination domain name, destination IP address, public IP address, or private IP address. View the details of traffic logs to determine whether the traffic is required for your workloads. Find an IP address and click View Logs in the Actions column. The system redirects you to the Traffic Logs tab of the Log Audit page. For more information, see Traffic logs.
Outbound Private IP Addresses	The number of at-risk internal-facing assets and the total number of internal-facing assets in outbound connections. The outbound connections are initiated from the assets to the Internet by using the IP addresses of NAT gateways.
Outbound Connection Protocol	The analysis results of protocols that are used in outbound connections. The outbound connections are initiated from your business to the Internet. The results include the number of unidentified protocols, the total number of used protocols, and the proportion of unidentified protocols to all used protocols.	You can click Outbound Connection Protocol in the Data Statistics section to go to the Outbound Traffic > Outbound Connection Protocol tab. You can perform the following operations on the tab: You can view the details of traffic logs and determine whether the traffic is required for your workloads: Find a protocol and click View Logs in the Actions column. The system redirects you to the Traffic Logs tab of the Log Audit page. For more information, see Traffic logs.

Export the statistics of outbound connections

You can click the icon in the upper-right corner of the Outbound Traffic tab to export the statistics of outbound connections to your computer in the CSV format. The statistics include outbound domain names, outbound destination IP addresses, assets that initiate outbound connections by using public IP addresses, assets that initiate outbound connections by using private IP addresses, and protocols that are used in outbound connections. This allows you to view and analyze the statistics.

Visualized analysis

The Visualized Analysis tab displays the peak traffic of all private and public IP addresses, the traffic trend charts of all IP addresses, and the statistics of outbound traffic. This helps you monitor the outbound traffic of your assets in real time.

Log on to the Cloud Firewall console. In the left-side navigation pane, choose Traffic Analysis > Outbound Connection.
On the Outbound Connection page, click the Visualized Analysis tab.

On the Visualized Analysis tab, specify a time range and view the information. The following table describes the information.

You can select a time range from the drop-down list. You can also specify a custom time range within the previous 30 days.

Parameter	Description	Supported operation
IP Traffic	Private IP Address: This tab displays the peak response traffic of the private IP addresses of ECS instances within the specified time range in descending order.	You can specify a public IP address or a private IP address in the search box, and view the IP address type and peak response traffic of the specified IP address. You can click the icon next to an IP address. The traffic trend chart on the right shows the traffic trend of the IP address. If the IP address type is NAT EIP, you can click the icon to view the data of all private IP addresses that are used for the NAT EIP. You can click the icon next to an IP address. The system redirects to the Log Audit page. You can view the traffic logs of the IP address on the page.
IP Traffic	Public IP Address: This tab displays the peak response traffic of public IP addresses within the specified time range in descending order.
Trends of Traffic	This section displays the trends of peak request and response traffic of specified or all network assets in real time.	You can move the pointer over a position in the trend chart to view the peak request and response traffic at the point in time that corresponds to the position. In the Trends of Traffic section, you can click a point in time on the x-axis to refresh the rankings in the IP Traffic section.
Rankings of Visits by Traffic	This section displays the top 10 destination locations, top 10 destination service providers, top 10 IP address ranges based on session percentages, and the statistics of ports.	None.

You can click View Logs in the upper-right corner of the Trends of Traffic section to go to the Traffic Logs tab of the Log Audit page to view the traffic logs of the Internet firewall. For more information, see Log audit.

References

For more information about the protected Internet traffic bandwidth of Cloud Firewall, see Subscription and Pay-as-you-go.
For more information about how to view the details of inbound traffic to your service assets over the Internet, see Internet Exposure.
What do I do if the volume of my business traffic exceeds the purchased bandwidth of Cloud Firewall?
Intelligence tags are displayed on the Outbound Connection page. What are the meanings of the tags?
How do I troubleshoot network connection failures?
Identify unusual traffic at the Internet border