Getting Started with CFW

Getting Started with CFW

A next-generation cloud native firewall with elastic and flexible services, low deployment costs, and easy and efficient O&M.

A next-generation cloud native firewall with elastic and flexible services, low deployment costs, and easy and efficient O&M.

Enabling CFW Protection in 3 Easy Steps

1. Purchase CFW

1. Purchase CFW

  • 1) Log in to the Huawei Cloud console. On the console page, choose Security & Compliance > Cloud Firewall.

    2) If you are using CFW for the first time, click Buy CFW. On the Buy CFW page, select the edition and any extended packages you need, and the required duration.

  • Note
  • 1) CFW comes in standard and professional editions.

    2) If Auto-renew is selected, the system automatically generates a renewal order based on the subscription period and renews the service before it expires.

2. Enable EIP protection

2. Enable EIP protection

  • 1) In the navigation pane, choose Assets > EIPs. The EIP page is displayed. The EIP information is automatically updated to the list.

    2) In the row of the target EIP, click Enable Protection in the Operation column.

    3) After protection is enabled, the Protection Status changes to Protected.

  • Note
  • After EIP protection is enabled, the default action of CFW is Allow.

3. Configure access control policies.

3. Configure access control policies.

  • 1) In the navigation pane, choose Access Control > Access Policies.

    2) Click Add Rule. In the displayed Add Rule page, configure the rule type, rule name, source, destination, service, action, and priority.

    3) Click OK.

  • Note
  • 1) When EIP protection is enabled, the default status of the access control policy is Allow. If you want to allow only a few EIPs, you are advised to add 0.0.0.0/0 to the protection rule with the lowest priority to block all traffic.

    2) If Direction is set to Outbound, you can configure multiple domain names or a domain name group.

CFW Best Practices

CFW Best Practices