The following tables list API operations available for use in Cloud Firewall.

Firewall enabling and disabling

| Operation | Description |
| --- | --- |
| DescribeAssetList | Queries the assets that are protected by Cloud Firewall. |
| PutEnableFwSwitch | Enables a firewall for specific assets. |
| PutDisableFwSwitch | Disables a firewall for specific assets. |
| PutEnableAllFwSwitch | Enables a firewall for all assets. |
| PutDisableAllFwSwitch | Disables a firewall for all assets. |

Access control

| Operation | Description |
| --- | --- |
| AddControlPolicy | Creates an access control policy. |
| DescribeControlPolicy | Queries the details about all access control policies. |
| DescribeDomainResolve | Queries the DNS resolution result of a domain name. |
| DescribePolicyPriorUsed | Queries the priority range of access control policies. |
| ModifyControlPolicy | Modifies the configurations of an access control policy. |
| ModifyControlPolicyPosition | Modifies the priority of an access control policy. |
| DeleteControlPolicy | Deletes an access control policy. |
| DescribePolicyAdvancedConfig | Checks whether the strict mode is enabled for an access control policy. |
| ModifyPolicyAdvancedConfig | Enables or disables the strict mode for an access control policy. |

VPC firewalls

| Operation | Description |
| --- | --- |
| CreateVpcFirewallControlPolicy | Adds an access control policy to a specific policy group for a virtual private cloud (VPC) firewall. |
| DescribeVpcFirewallControlPolicy | Queries the details about all access control policies for a specific VPC firewall. |
| DescribeVpcFirewallPolicyPriorUsed | Queries the priority range of access control policies that are created for a VPC firewall in a specific policy group. |
| DescribeVpcFirewallAclGroupList | Queries the information about all policy groups of access control policies that are created for VPC firewalls. |
| ModifyVpcFirewallControlPolicy | Modifies the configurations of an access control policy that is created for a VPC firewall in a specific policy group. |
| ModifyVpcFirewallControlPolicyPosition | Modifies the priority of an access control policy that is created for a VPC firewall in a specific policy group. |
| ResetVpcFirewallRuleHitCount | Clears the hit count of an access control policy that is created for a VPC firewall in a specific policy group. |
| DeleteVpcFirewallControlPolicy | Deletes an access control policy from a specific policy group for a VPC firewall. |
| CreateVpcFirewallConfigure | Creates a VPC firewall to protect traffic between two VPCs that are connected by using an Express Connect circuit. |
| DescribeVpcFirewallDetail | Queries the details about a VPC firewall. The VPC firewall protects traffic between two VPCs that are connected by using an Express Connect circuit. |
| DescribeVpcFirewallList | Queries the details about VPC firewalls by page. Each VPC firewall protects traffic between two VPCs that are connected by using an Express Connect circuit. |
| DeleteVpcFirewallConfigure | Deletes a VPC firewall. The VPC firewall protects traffic between two VPCs that are connected by using an Express Connect circuit. |
| ModifyVpcFirewallConfigure | Modifies the configurations of a VPC firewall. The VPC firewall protects traffic between two VPCs that are connected by using an Express Connect circuit. |
| ModifyVpcFirewallSwitchStatus | Enables or disables a VPC firewall. The VPC firewall protects traffic between two VPCs that are connected by using an Express Connect circuit. |
| BatchCopyVpcFirewallControlPolicy | Copies all access control policies from a policy group of a source VPC firewall to a policy group of a destination VPC firewall. |
| CreateVpcFirewallCenConfigure | Creates a VPC firewall to protect traffic between a VPC and a specified network instance that is attached to a Cloud Enterprise Network (CEN) instance. |
| DeleteVpcFirewallCenConfigure | Deletes a VPC firewall. The VPC firewall protects traffic between a VPC and a specified network instance that is attached to a CEN instance. |
| DescribeVpcFirewallCenList | Queries VPC firewalls by page. Each VPC firewall protects traffic between a VPC and a specified network instance that is attached to a CEN instance. |
| DescribeVpcFirewallCenDetail | Queries the details about a VPC firewall. The VPC firewall protects traffic between a VPC and a specified network instance that is attached to a CEN instance. |
| ModifyVpcFirewallCenConfigure | Modifies the configurations of a VPC firewall. The VPC firewall protects traffic between a VPC and a specified network instance that is attached to a CEN instance. |
| ModifyVpcFirewallCenSwitchStatus | Enables or disables a VPC firewall. The VPC firewall protects traffic between a VPC and a specified network instance that is attached to a CEN instance. |
| DescribeVpcFirewallDefaultIPSConfig | Queries the intrusion prevention configurations of a VPC firewall. |
| ModifyVpcFirewallDefaultIPSConfig | Modifies the intrusion prevention configurations of a VPC firewall. |

Address books

| Operation | Description |
| --- | --- |
| AddAddressBook | Creates an address book for access control. Supported address book types are IP address books, Elastic Compute Service (ECS) tag-based address books, port address books, and domain address books. An ECS tag-based address book includes the public IP addresses of the ECS instances that have specific tags. |
| DescribeAddressBook | Queries the details about an address book for an access control policy. |
| ModifyAddressBook | Modifies an address book for an access control policy. |
| DeleteAddressBook | Deletes an address book for an access control policy. |

Centralized account management

| Operation | Description |
| --- | --- |
| ModifyInstanceMemberAttributes | Updates the information about members in Cloud Firewall. |
| DescribeInstanceMembers | Queries the information about members in Cloud Firewall. |
| DeleteInstanceMembers | Removes members from Cloud Firewall. |
| AddInstanceMembers | Adds members to Cloud Firewall. |

Intrusion prevention

| Operation | Description |
| --- | --- |
| DescribeRiskEventGroup | Queries the details about intrusion events. |