Enabling CFW Protection in 3 Easy Steps
1. Purchase CFW
1) Log in to the Huawei Cloud console. On the console page, choose Security & Compliance > Cloud Firewall.
2) If you are using CFW for the first time, click Buy CFW. On the Buy CFW page, select the edition and any extended packages you need, and the required duration.
- Note
1) CFW comes in standard and professional editions.
2) If Auto-renew is selected, the system automatically generates a renewal order based on the subscription period and renews the service before it expires.
2. Enable EIP protection
1) In the navigation pane, choose Assets > EIPs. The EIP page is displayed, and EIP information is automatically synchronized to the list.
2) In the row of the target EIP, click Enable Protection in the Operation column.
3) After protection is enabled, the Protection Status changes to Protected.
- Note
After EIP protection is enabled, the default action of CFW is Allow.
3. Configure access control policies
1) In the navigation pane, choose Access Control > Access Policies.
2) Click Add Rule. On the displayed Add Rule page, configure the rule type, rule name, source, destination, service, action, and priority.
3) Click OK.
- Note
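1) When EIP protection is enabled, the default status of the access control policy is Allow. If you want to allow only a few EIPs, you are advised to add a protection rule for 0.0.0.0/0 with the lowest priority to block all traffic, so that any traffic not matched by a higher-priority allow rule is blocked instead of falling through to the default Allow.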
2) If Direction is set to Outbound, you can configure multiple domain names or a domain name group.
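The following added example (not Huawei code and not part of the original page) models the note above on the default Allow action: it evaluates a rule list in priority order and checks whether the lowest-priority rule is a block-all rule for 0.0.0.0/0. The Rule structure, the rule names, the sample addresses, and the convention that priority 1 is evaluated first are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

DEFAULT_ACTION = "allow"  # per the note above: default action is Allow

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int         # assumption: 1 is evaluated first, larger = lower priority
    source: str           # CIDR
    destination: str      # CIDR
    port: Optional[int]   # None = any port
    action: str           # "allow" or "block"

def evaluate(rules, src, dst, port):
    """Return (action, rule name) of the first match in priority order."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in sorted(rules, key=lambda r: r.priority):
        if (s in ipaddress.ip_network(r.source)
                and d in ipaddress.ip_network(r.destination)
                and r.port in (None, port)):
            return r.action, r.name
    return DEFAULT_ACTION, "<default>"

def has_catch_all_block(rules):
    """True if the lowest-priority rule blocks 0.0.0.0/0 to 0.0.0.0/0, any port."""
    if not rules:
        return False
    last = max(rules, key=lambda r: r.priority)
    return (last.action == "block" and last.port is None
            and ipaddress.ip_network(last.source).prefixlen == 0
            and ipaddress.ip_network(last.destination).prefixlen == 0)

# Constructed sample data (documentation address ranges, not real assets).
EIP = "203.0.113.10/32"
BASE = [
    Rule("allow-web", 1, "0.0.0.0/0", EIP, 443, "allow"),
    Rule("allow-admin-ssh", 2, "198.51.100.0/24", EIP, 22, "allow"),
]
HARDENED = BASE + [Rule("deny-all", 100, "0.0.0.0/0", "0.0.0.0/0", None, "block")]

if __name__ == "__main__":
    probe = ("192.0.2.77", "203.0.113.10", 22)  # SSH from an unlisted source
    for label, rules in (("base", BASE), ("hardened", HARDENED)):
        print(label, evaluate(rules, *probe), "catch-all:", has_catch_all_block(rules))
```

With only the two allow rules, SSH from an unlisted source matches nothing and is passed by the default action; adding the lowest-priority block rule closes that gap without affecting the explicit allow rules.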
CFW Best Practices
This document describes how to use CFW, including enabling EIP protection, enabling intrusion prevention, configuring access policies, viewing network traffic, and viewing audit logs.
Configuring Access Policies for IP Address Groups and Service Groups
After a protected object is connected to CFW, you can configure access control policies for IP address groups and service groups, and verify the effect of the policies. This section uses IP address groups and service groups as an example to describe how to configure access control policies for IP addresses and services in batches.