Differences between the features supported by different Cloud Firewall editions - Cloud Firewall

Before you purchase Cloud Firewall, you must select a Cloud Firewall edition based on your business requirements, the features supported by different Cloud Firewall editions, and costs. Therefore, you must understand the features supported by different Cloud Firewall editions.

Cloud Firewall features

The following table describes the features supported by different Cloud Firewall editions.

Note

: The feature is not supported by the edition.
: The feature is supported by the edition.

Feature	Description	Free Edition	Cloud Firewall that uses the pay-as-you-go billing method	Premium Edition	Enterprise Edition	Ultimate Edition	References
Firewall settings	The feature protects traffic between the Internet and your public IP addresses, including IPv4 addresses and IPv6 addresses. Note Cloud Firewall that uses the pay-as-you-go billing method supports only IPv4 addresses.						Internet Firewall
	The feature protects traffic between virtual private clouds (VPCs) and traffic between a VPC and a data center.						VPC Firewall
	The feature protects traffic that originates from private IP addresses and is destined for the Internet.						NAT Firewall
Data overview	The feature displays the traffic topologies of cloud assets that are protected by Cloud Firewall.						Data overview
Data overview	The feature provides an overview of defense features that are supported by Cloud Firewall and displays statistics about access traffic and detected risks within the previous seven days.						Data overview
Access control	The feature supports two-way access control on the north-south traffic of Internet-facing assets. This effectively prevents attacks and intrusions, and strictly controls the traffic of outbound connections.						Create access control policies for the Internet firewall
	The feature supports access control on traffic between VPCs and traffic between a VPC and a data center. The feature blocks unauthorized traffic.						Create an access control policy for a NAT firewall
	The feature supports access control on traffic between VPCs and traffic between a VPC and a data center. The feature blocks unauthorized traffic and allows trusted traffic.						Create an access control policy for a VPC firewall
	The feature supports two-way access control on the east-west traffic of Elastic Compute Service (ECS) instances. The feature blocks unauthorized access between ECS instances.						Create an access control policy for an internal firewall
	The feature detects vulnerable rules in ECS security groups and provides suggestions to handle the rules. This way, you can use security groups in a more secure and efficient manner.						Check security groups
Traffic analysis	The feature monitors outbound connections of cloud assets in real time.						Outbound Connection
	The feature collects statistics about cloud assets that are protected by Cloud Firewall, and provides visualized analysis reports. The statistics include IP addresses, ports, and applications that are exposed on the Internet.						Internet Exposure
	The feature monitors traffic between connected VPCs in real time. This helps you dynamically obtain VPC traffic data and identify and handle unusual traffic at the earliest opportunity.						VPC Access
Intrusion prevention	The feature provides the built-in threat detection engine and allows you to configure prevention rules. This helps you detect and block intrusions in a more accurate manner. The feature displays the data of intrusion prevention, vulnerability prevention, and breach awareness in real time. You can view the details of attack prevention and solutions to intrusions that are detected by the threat detection engine in real time. Implementation of the threat detection engine Threat intelligence The feature synchronizes the threat intelligence libraries of all malicious IP addresses and domain names that are detected across Alibaba Cloud, including the IP addresses and domain names of malicious visitors, scanners, and command-and-control servers. The feature defends against potential threats and blocks attack behavior to prevent large-scale attacks. Basic protection The feature precisely intercepts common attacks, such as malicious port scanning, brute-force cracking, remote code execution, and vulnerability exploitation based on the intrusion prevention rules that are accumulated in attack and defense practices of Alibaba Cloud. This helps you protect assets against mining or ransomware. Intelligent defense The feature identifies unknown attacks based on AI technologies and a large amount of data about attacks and attack characteristics. The feature also improves detection of more sophisticated attacks. Virtual patching The feature supports installation-free virtual patches for business systems. The feature provides precision defense against common vulnerabilities, zero-day vulnerabilities, and N-day vulnerabilities. Protection whitelist The feature allows you to configure whitelists to allow normal traffic that may have attack characteristics. This ensures that your business can run as expected.						IPS configuration Intrusion prevention Vulnerability prevention Breach awareness
Log analysis	The feature supports log audit for event tracing and troubleshooting. By default, the feature retains logs for seven days. Supported log types Event log: records the data of events on traffic that passes through Cloud Firewall and hits access control policies. You can view the following information in an event log: the time when an event occurred, threat type, source IP address, destination IP address, application type, and severity. Traffic log: records the data of traffic that passes through Cloud Firewall. You can analyze the traffic and traffic source by using the log analysis feature when an event occurs, and check whether a configured access control policy takes effect. Operation log: records all configurations of Cloud Firewall and the operations that are performed on Cloud Firewall, such as enabling or disabling a firewall and modifying intrusion prevention configurations.						Log audit
Log analysis	The feature automatically collects, stores, and analyzes logs on inbound and outbound traffic in real time and supports real-time monitoring and alerting based on specific metrics. This ensures timely responses to exceptions that occur in critical workloads. The logs can be stored for 7 to 365 days.						Enable the log analysis feature
Business visualization	The feature allows you to create custom groups to build relationships between the applications of your cloud assets and application groups or business groups. The feature provides information and access relationships of your cloud assets.						Custom groups View security groups Visualize application groups
Multi-account management	The feature supports centralized management of multiple accounts. You can share resources and protect access across multiple accounts.						Use the multi-account management feature
Asset exception notification	The feature allows you to receive notifications for exceptions that are detected by Cloud Firewall by text message or email at the earliest opportunity. The exceptions include unusual traffic, compromised hosts, suspicious outbound connections, vulnerabilities, unprotected public IP addresses, and disabled intrusion prevention. Note Cloud Firewall Free Edition supports only the Weekly Report notification item.						Configure notifications

References

For more information about the features of Cloud Firewall, see Pre-sales FAQ.
For more information about the subscription billing method of Cloud Firewall Premium Edition, Enterprise Edition, and Ultimate Edition, see Subscription.
For more information about the pay-as-you-go billing method of Cloud Firewall, see Pay-as-you-go.
For more information about how to purchase Cloud Firewall, see Purchase Cloud Firewall.