Cloud Firewall: Scenarios

Last Updated: Feb 10, 2026

Cloud Firewall is a security barrier for your cloud-based business. It protects against network threats and attacks and lets you configure network security policies.

Network security management for enterprise data centers in the cloud

For scenarios such as migrating services to the cloud or building large data centers, Cloud Firewall helps protect your cloud data. It provides in-depth, network-wide traffic analysis, protects against malicious Internet traffic, and offers custom access control policies.

  • Internet firewall

    The Internet firewall operates at the Internet border. It provides unified management and protection for all inbound and outbound traffic of your public assets. You can use the Internet firewall to apply fine-grained control over traffic between your public assets and the Internet. This reduces the attack surface of your public assets and lowers the security risks for your service traffic.

  • NAT firewalls

    When resources in a VPC, such as ECS and ECI instances, access the Internet through a NAT Gateway, they are exposed to security risks. These risks include unauthorized access, data breaches, and malicious traffic attacks. To mitigate these risks, you can enable NAT firewalls and use Cloud Firewall to block unauthorized traffic.

  • VPC firewall

    The VPC firewall inspects and controls east-west traffic between virtual private clouds (VPCs), and between VPCs and data centers. This traffic passes through an Enterprise Edition transit router, a Basic Edition transit router, or Express Connect. The firewall secures internal-facing traffic between different VPCs, and between a VPC and a data center (VBR), a third-party cloud (VBR), or a VPN.

  • Internal firewall

    The internal firewall manages ECS security groups to control inbound and outbound traffic for ECS instances in a VPC. After you publish an access control policy for the internal firewall, the policy is automatically synchronized to the ECS security groups and takes effect. The firewall also supports security group compliance checks and visualization of security group microsegmentation.


Advanced mitigation for hybrid cloud (data center and cloud) services or cloud-based DMZs

Cloud Firewall provides comprehensive traffic protection. This includes north-south traffic protection for a DMZ and east-west traffic protection between a data center and VPCs. This secures traffic between your on-premises data center and cloud assets, and ensures secure communication for hybrid cloud services. If your DMZ is deployed in the cloud, Cloud Firewall also secures traffic between the DMZ and your on-premises data center.


Security protection for multi-account management

Cloud Firewall integrates with Resource Directory to provide a multi-account management solution that helps you manage security for resources across multiple accounts. After you enable the multi-account management feature, you can centrally protect resources across multiple accounts from the Cloud Firewall console, which improves O&M efficiency and reduces costs. You can configure security policies for all accounts from a single console and centrally manage and monitor VPC traffic for each account. This provides comprehensive protection for multiple network borders.


Security protection for major event support and high-confrontation scenarios

Cloud Firewall meets your needs for major event support and high-confrontation security scenarios. It can block IP addresses or domain names in batches, trace and counter attackers, and prevent zero-day vulnerability attacks.
