Configuring Protection Rules to Block or Allow NAT Gateway Border Traffic
After protection is enabled, CFW allows all traffic by default. You can configure protection rules to block or allow traffic.
NAT gateway traffic refers to the traffic between a NAT gateway and the Internet. It can be protected in two scenarios: If the EIP bound to the NAT gateway is used to connect to the Internet, CFW protects all traffic passing through the NAT gateway.
For details about how to enable traffic protection for private IP addresses, see Enabling NAT Gateway Traffic Protection.
The professional edition supports NAT rules.
protected_resource_nat_id | String | ID of the NAT gateway to be protected. The professional edition supports NAT rules.
protected_resource_project_id | String | Tenant ID of a protected resource.
CFW Protection Enabling Internet Border Traffic Protection Enabling VPC Border Traffic Protection Enabling NAT Gateway Traffic Protection
Configuring a Protection Rule to Protect SNAT Traffic SNAT Protection Overview Resource and Cost Planning Connecting VPC1 and VPC-NAT to an Enterprise Router Configuring a NAT Gateway Configuring a Route Table for VPC1 Configuring a NAT Protection Rule
Table 1 Overview Scenario Operation Guide Buy CFW Purchasing Yearly/Monthly Cloud Firewall Purchasing a Pay-per-Use CFW Use CFW Enable CFW Internet Border Traffic Protection VPC Border Traffic Protection NAT Gateway Traffic Protection Configure ACL rules Access Control Policy Overview
Configuring an Access Control Policy Configuring Protection Rules to Block or Allow Internet Border Traffic Configuring Protection Rules to Block or Allow VPC Border Traffic Configuring Protection Rules to Block or Allow NAT Gateway Border Traffic Example 1: Allowing the Inbound Traffic
SNAT Protection Configuration
Assume your private IP address is 10.1.1.2 and the external domain name accessed through the NAT gateway is www.example.com.
For details about how to enable NAT gateway traffic protection, see Enabling NAT Gateway Traffic Protection.
For details about how to allow cloud resources to access specified domain names through the NAT gateway, see Configuring a Protection Rule to Protect SNAT Traffic.
Configuring a NAT Gateway
Prerequisites
A NAT gateway has been purchased and its VPC has not been associated with any cloud resources (such as cloud servers). If there are no NAT gateways available, buy a public NAT gateway. For details about NAT gateway pricing, see Billing.
SNAT Protection Overview
Context
The CFW standard edition protects traffic between EIPs, for example, traffic generated when the Network Address Translation (NAT) gateway is used for multiple VPCs or subnets to use EIPs to initiate external access.
Table 1 Resource description
Resource | Description | Quantity | Cost
NAT Gateway | Protected resource. | 1 | For details about the billing modes and standards, see NAT Gateway Billing.
Elastic IP (EIP) | EIP bound to the NAT gateway.
For details about how to protect the traffic of private network assets at the Internet border, see Configuring Protection Rules to Block or Allow NAT Gateway Border Traffic.
NAT Gateway
NAT Gateway provides public and private NAT gateways. A public NAT gateway provides SNAT and DNAT to let cloud servers in a VPC use an EIP to communicate with the Internet. CFW protects the NAT gateway traffic by protecting the VPC where the NAT gateway resides.
For details, see Configuring Protection Rules to Block or Allow NAT Gateway Border Traffic. CAUTION: If your IP address is a back-to-source WAF IP address, you are advised to configure a protection rule or the whitelist to allow its access.
NAT gateway protection comes in the following scenarios: The EIP bound to a NAT gateway can be protected. Only the traffic of the EIP will be audited.