CFW Features

A next-generation cloud native firewall with elastic and flexible services, low deployment costs, and easy and efficient O&M.

Asset Protection

EIP Protection

After the EIP details are synchronized and EIP is enabled, the system automatically checks the security of your cloud assets and can provide protection for external services within seconds.

Inter-VPC Border Protection (Professional Edition)

Inter-VPC protection monitors and controls traffic between VPCs, and provides asset protection, access control, full traffic analysis, and intrusion prevention.

Access Control

Access Control Policies

Configure an appropriate access control policy for fine-grained management of the traffic between internal servers and the external network. Access control policies prevent the spread of internal threats and enhance security.

You can also blacklist specific IP addresses, or you can use a whitelist to allow access.

IP Address Groups

An IP address group contains multiple IP addresses. IP address groups free you from the tedium of repeatedly modifying access rules, which can simplify security group rule management.

Service Groups

A service group is a collection of services (protocols, source ports, and destination ports). A service group frees you from repeatedly modifying access rules and simplifies security group rule management.

Domain Name Groups

A domain name group is a collection of domain names or wildcard domain names. Domain name groups free you from repeatedly modifying access rules and simplify security group rule management.

Online Defense

Virtual Patches

CFW installs hot patches at the network layer, blocks remote attacks in real time, prevents high-risk or critical vulnerabilities from being exploited, and ensures there are no service interruptions while a vulnerability is being fixed.

Custom IPS Signature

You can create custom IPS signatures. CFW will then use these signatures to detect threats in data flows.

Reverse Shell Defense

Detect and defend against reverse shells.

Sensitive Directory Scan Defense

Defend against sensitive directory scan attacks.

Antivirus (Professional Edition)

Antivirus software identifies and handles virus files based on their specific characteristics, preventing them from damaging data, modifying permissions, causing a system crash, or otherwise damaging network security.

Antivirus protection can check access over HTTP, SMTP, POP3, FTP, IMAP4, and SMB.

Log Audit

You can check attack event logs, access control logs, and traffic logs, including attack times and types, risk levels, source and destination ports, and source and destination IP addresses.

System Management

Alarm Notifications

CFW interconnects with Simple Message Notification (SMN) to send you IPS attack logs and excessive traffic warnings via email or SMS.

Network Packet Capture (Professional Edition)

Network packet capture in CFW helps you locate network faults and identify attacks.

Multi-Account Management

If your account is managed by an organization, you can use unified asset protection for the EIPs of all member accounts in the organization.