Enabling CFW Protection in 3 Easy Steps
1. Purchase CFW
1) Log in to the Huawei Cloud console. On the console page, choose Security & Compliance > Cloud Firewall.
2) If you are using CFW for the first time, click Buy CFW. On the Buy CFW page, select the edition and any extended packages you need, and the required duration.
- Note
1) CFW comes in standard and professional editions. For details, see Editions.
2) If Auto-renew is selected, the system automatically generates a renewal order based on the subscription period and renews the service before it expires.
2. Enable EIP protection
1) In the navigation pane, choose Assets > EIPs. The EIP page is displayed, and the list is automatically updated with the EIP information.
2) In the row of the target EIP, click Enable Protection in the Operation column.
3) After protection is enabled, the Protection Status changes to Protected.
- Note
After EIP protection is enabled, the default action of CFW is Allow.
3. Configure access control policies
1) In the navigation pane, choose Access Control > Access Policies.
2) Click Add Rule. In the displayed Add Rule page, configure the rule type, rule name, source, destination, service, action, and priority.
3) Click OK.
- Note
1) When EIP protection is enabled, the access control policy allows traffic by default. If you want to allow only a few EIPs, you are advised to add a lowest-priority protection rule for 0.0.0.0/0 that blocks all traffic.
2) If Direction is set to Outbound, you can configure multiple domain names or a domain name group.
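The effect of the default Allow action described in the notes above, as an added example that is not part of the CFW documentation or Huawei Cloud code. It is a simplified model that assumes rules match on source only and are evaluated first-match in priority order (lower number first); the rule names, priorities, and addresses are constructed.

```python
import ipaddress

# Constructed sample policy (hypothetical rule names, documentation-range
# addresses). Assumption: a lower "priority" number is evaluated first.
RULES = [
    {"name": "allow-office", "priority": 1, "source": "198.51.100.0/24", "action": "Allow"},
    {"name": "allow-partner", "priority": 2, "source": "203.0.113.10/32", "action": "Allow"},
]
BLOCK_ALL = {"name": "block-all", "priority": 100, "source": "0.0.0.0/0", "action": "Block"}

DEFAULT_ACTION = "Allow"  # per the note: default action once protection is enabled


def evaluate(rules, src_ip):
    """Return (action, rule_name) for src_ip using first match by priority."""
    addr = ipaddress.ip_address(src_ip)
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if addr in ipaddress.ip_network(rule["source"]):
            return rule["action"], rule["name"]
    return DEFAULT_ACTION, "default"


def audit(rules):
    """Return findings that would leave the policy open or rules unreachable."""
    findings = []
    ordered = sorted(rules, key=lambda r: r["priority"])
    if not ordered:
        return ["no rules: all traffic falls through to default Allow"]
    last = ordered[-1]
    if not (last["source"] == "0.0.0.0/0" and last["action"] == "Block"):
        findings.append("lowest-priority rule is not a 0.0.0.0/0 Block: "
                        "unmatched traffic falls through to default Allow")
    for i, rule in enumerate(ordered[:-1]):
        if rule["source"] == "0.0.0.0/0":
            findings.append(f"{rule['name']} matches all sources and shadows "
                            f"{len(ordered) - i - 1} later rule(s)")
    return findings


if __name__ == "__main__":
    # Same unlisted source, evaluated without and with the catch-all rule.
    for policy in (RULES, RULES + [BLOCK_ALL]):
        print(evaluate(policy, "192.0.2.77"), audit(policy))
```

The audit also flags a 0.0.0.0/0 rule placed above other rules, since in this model it would match first and the later rules would never apply.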
CFW Best Practices
This document describes how to use CFW, including enabling EIP protection, enabling intrusion prevention, configuring access policies, viewing network traffic, and viewing log audit.
Configuring Access Policies for IP Address Groups and Service Groups
After a protected object is connected to CFW, you can configure access control policies for IP address groups and service groups, and verify the effect of the policies. This section uses the configuration of IP address and service groups as an example to describe how to configure IP address and service access control policies in batches.
Configuring a VPC Border Firewall
A VPC border firewall can collect statistics on communication traffic between VPCs, helping you detect abnormal traffic. When configuring the VPC border firewall, you need to enable the network between CFW and VPCs. This section describes how to configure the network.
SNAT Protection Overview
The CFW professional edition provides more fine-grained access control, for example, on the traffic generated when private IP addresses are used to initiate access to the public network. This section describes how to configure the CFW professional edition to protect access from private IP addresses to the public network in the SNAT scenario.