You can check basic information about firewall instances, resource protection, and other statistics.
Assets
Manage and view data and information about your EIPs and VPCs.
Access Control
You can control traffic at Internet and VPC borders based on IP addresses, regions, and domain names.
You can use the policy assistant to quickly check protection rule hits and adjust rules in a timely manner.
Attack Defense
IPS: It provides basic protection functions. Drawing on many years of attack defense experience, it detects and defends against a wide range of common network attacks and effectively protects your assets.
Basic defense rule database: It provides threat detection and vulnerability scanning based on the built-in IPS rule database. It can scan traffic for phishing, Trojans, worms, hacker tools, spyware, brute-force attacks, vulnerability exploits, SQL injection attacks, XSS attacks, and web attacks. It can also detect protocol anomalies, buffer overflows, access control, suspicious DNS activities, and other suspicious behaviors.
Note
In the basic protection rule database, you can manually modify protection actions.
You can query rule information by rule ID, signature name, risk level, update time, CVE ID, attack type, rule group, and current action in the basic protection rule database.
Virtual patch database: Hot patches are provided for IPS at the network layer to intercept high-risk remote attacks in real time and prevent service interruption during vulnerability fixing.
New IPS rules are displayed in the virtual patch rule library. A new IPS rule will be added to the virtual patch rule library first and then to the IPS rule library.
Custom IPS signature: You can customize IPS signature rules. CFW will detect threats in data traffic based on signatures.
Note
The HTTP, TCP, UDP, POP3, SMTP, and FTP protocols can be configured in custom IPS signatures.
Sensitive directory scan defense: It defends against scan attacks on sensitive directories on your servers.
Reverse shell defense: It defends against reverse shells.
Anti-virus: This function identifies and processes virus files through virus feature detection to prevent data damage, permission change, and system breakdown.
The antivirus function can check access via HTTP, SMTP, POP3, FTP, IMAP4, and SMB.
Security dashboard: You can easily check attack defense information on the security dashboard and adjust defense policies in a timely manner.
Traffic Analysis
The following traffic statistics are displayed:
Inbound traffic: statistics on the total inbound traffic from the Internet to ECSs
Outbound traffic: statistics on the traffic generated when cloud servers proactively access the Internet
Inter-VPC access: inbound and outbound traffic statistics between VPCs
Log Audit
You can check the following types of logs:
Attack event logs, which contain details about intrusions
Access control logs, which contain details about what access is allowed and what is blocked
Traffic logs, which contain the access traffic of specific services
You can use Log Tank Service (LTS) to record all CFW logs, including attack event, access control, and traffic logs.
System Management
DNS configuration: The DNS server resolves and delivers IP addresses.
Security report: It generates log reports to help you learn about the security status of your assets in a timely manner.
The load balancing component distributes user traffic to the tenant firewall engine for security check and protection, and then sends the traffic to the target ECS. This engine provides various detection functions and flexible blocking policies.
TCP, UDP, ICMP, and Any
Protection for the border of Internet and VPC
last updated: 2025-01-21 13:19 UTC - commit: abe94c6df6d30c3b44340c2119ffd81f9990504a