After the EIP details are synchronized and EIP is enabled, the system automatically checks the security of your cloud assets and can provide protection for external services within seconds.

Inter-VPC protection monitors and controls traffic communication between VPCs, and provides asset protection, access control, full traffic analysis, and intrusion prevention.

Configure an appropriate access control policy for fine-grained management of the traffic between internal servers and the external network. Access control policies prevent the spread of internal threats and enhance security.

You can also blacklist specific IP addresses, or you can use a whitelist to allow access.

An IP address group contains multiple IP addresses. IP address groups free you from the tedium of repeatedly modifying access rules, which can simplify security group rule management.

A service group is a collection of services (protocols, source ports, and destination ports). A service group frees you from repeatedly modifying access rules and simplifies security group rule management.

A domain name group is a collection of domain names or wildcard domain names. Domain name groups mean you are not constantly modifying access rules. They simplify security group rule management.

CFW installs hot patches at the network layer, blocks remote attacks in real time, prevents high-risk or critical vulnerabilities from being exploited, and ensures there are no service interruptions while a vulnerability is being fixed.

You can create custom IPS signatures. CFW will then use these signatures to detect threats in data flows.

Detect and defend against reverse shells.

Defend against sensitive directory scan attacks.

Antivirus software identifies and handles virus files based on their specific characteristics, preventing them from damaging data, modifying permissions, causing a system crash, or otherwise damaging network security.

The antivirus protection can check access via HTTP, SMTP, POP3, FTP, IMAP4, and SMB.

You can check attack event logs, access control logs, and traffic logs, including attack times and types, risk levels, source and destination ports, and source and destination IP addresses.

CFW interconnects with Simple Message Notification (SMN) to send you IPS attack logs and excessive traffic warnings via email or SMS.

CFW helps you locate network faults and identify attacks.

If your account is managed by an organization, you can use unified asset protection for the EIPs of all member accounts in the organization.