Get started with Cloud Firewall that uses the pay-as-you-go billing method - Cloud Firewall

After you purchase Cloud Firewall that uses the pay-as-you-go billing method, you can use Cloud Firewall features, such as attack prevention and access control, to protect your Internet-facing assets. This topic describes how to use Cloud Firewall that uses the pay-as-you-go billing method, including adding assets to Cloud Firewall for protection, configuring protection policies, and viewing protection results.

Flowchart

Prerequisites

Cloud Firewall that uses the pay-as-you-go billing method is purchased. For more information, see Purchase Cloud Firewall.

Step 1: Enable firewalls

The first time you log on to the Cloud Firewall console after you purchase Cloud Firewall that uses the pay-as-you-go billing method, a dialog box in which you can add assets appears. In the dialog box, click Automatic Full Access for Internet-facing Assets or Quick Manual Access for Internet-facing Assets to add the assets that you want to protect.

If you select Automatic Protection for Assets on the Cloud Firewall buy page, all new assets are automatically added to Cloud Firewall for protection. If you do not select Automatic Protection for Assets on the Cloud Firewall buy page, log on to the Cloud Firewall console, choose Firewall Settings > Internet Firewall in the left-side navigation pane, and then enable protection for new assets. For more information, see Internet Firewall.

Step 2: Configure the intrusion prevention feature

(Optional) Configure intrusion prevention policies

Cloud Firewall has a built-in intrusion prevention system (IPS) that can detect and intercept malicious traffic and attacks, such as request payloads and malicious files that contain trojans and webshells, in real time. Cloud Firewall can intelligently block intrusions based on threat intelligence. The IPS detects attacks based on the threat intelligence feature, intrusion prevention rules, intelligent model-based recognition algorithms, and virtual patching feature. For more information, see IPS configuration.

The working modes of the threat detection engine are Monitor Mode and Block Mode. In Monitor working mode, Cloud Firewall only generates alerts for malicious traffic. In Block working mode, Cloud Firewall generates alerts and automatically blocks attack payloads. Cloud Firewall also provides different levels of Block Mode for different types of attacks. The following table describes the usage scenarios of the levels.

Important

When you modify prevention configurations, we recommend that you enable the Monitor working mode. After a trial runs, analyze false positives and then enable the Block working mode based on the analysis result.

For more information about intrusion prevention, see the following topics:

View intrusion prevention results

You can perform the following operations to view intrusion prevention results: Log on to the Cloud Firewall console. In the left-side navigation pane, choose Detection and Response > Intrusion Prevention. Then, view the intrusion prevention results, including the source IP addresses, destination IP addresses, applications, sources, and details of blocking events of blocked traffic. For more information, see Intrusion prevention.

Step 3: View traffic statistics

The traffic analysis feature provides real-time traffic statistics, such as statistics about outbound connections and Internet exposures, to allow you to control traffic in a visualized manner and identify unusual traffic.

Outbound Connection
You can view the domain names and IP addresses of cloud assets on the Outbound Connection page. You can check the configured outbound access control policies based on intelligence tags, access details, and logs. For more information, see Outbound Connection.
Internet Exposure
You can view the services, ports, public IP addresses, and cloud service information that are exposed on the Internet. You can reinforce the access control policies based on recommended intelligent policies and the information about open public IP addresses. For more information, see Internet Exposure.

Important

Traffic statistics are essential information that you can use to configure appropriate access control policies. Before you configure access control policies, we recommend that you view traffic statistics about your assets.

Step 4: Create access control policies

Configure access control policies

If you do not configure an access control policy, Cloud Firewall allows all traffic. You can configure access control policies for the Internet firewall to precisely manage access between your Internet-facing assets and the Internet.

For more information, see Create access control policies for the Internet firewall.
You can configure different access control policies to meet the requirements of different scenarios. For example, you can configure an inbound policy to allow Internet traffic over specific ports, an outbound policy to allow only an Elastic Compute Service (ECS) instance to access a specific domain name, or a policy to deny traffic between ECS instances that are deployed in different virtual private clouds (VPCs). For more information, see Configure access control policies.
Defend against unauthorized access to MongoDB databases

View the hit details of an access control policy

By default, an access control policy immediately takes effect after the policy is created. Log on to the Cloud Firewall console. In the left-side navigation pane, choose Access Control > Internet Border. On the page that appears, check the hit details of an access control policy in the Hits/Last Hit At column of the policy. For more information, see Create access control policies for the Internet firewall.

Step 5: Configure notifications

You can configure notifications to receive notifications when asset attack risks occur or assets are added. This way, you can analyze the status of assets and handle exceptions at the earliest opportunity to ensure asset security. For more information about the notification types that are supported by Cloud Firewall and how to configure notifications, see Notifications.

Step 5: View pay-as-you-go bills

The billing cycle of Cloud Firewall that uses the pay-as-you-go billing method is one day. Bills are generated and fees are deducted from your account balance at 18:00 the next day. You can query the details of the pay-as-you-go bills.

Log on to the Cloud Firewall console.
In the left-side navigation pane, choose System Settings > Bill Management.
On the Bill Management page, view the usage details of Cloud Firewall that uses the pay-as-you-go billing method. The details include statistical data of protected assets, enabled features, and traffic data of protected assets.
Click View Bill Details to view bill details in the Expenses and Costs console. For more information, see Bill details.

References

If you have questions about Cloud Firewall that uses the pay-as-you-go billing method, refer to Pre-sales FAQ.
If you want to know more about the features that are supported by Cloud Firewall that uses the pay-as-you-go billing method, refer to Functions and features.
If you want to reduce the costs of your Cloud Firewall that uses the pay-as-you-go billing method, you can use pay-as-you-go savings plans. For more information, see Pay-as-you-go savings plan.
If you want to change the billing method of Cloud Firewall from pay-as-you-go to subscription, refer to Upgrade and downgrade Cloud Firewall.
If you no longer require Cloud Firewall, you can manually release the service. For more information, see Release Cloud Firewall.