Configuring a NAT Protection Rule: After verifying the traffic flow, configure protection rules so that the CFW can allow or block traffic accordingly. Configuring a NAT Protection Rule: Log in to the management console.
For details, see Configuring Protection Rules to Block or Allow NAT Gateway Border Traffic. Protect the access traffic between VPCs, or between a VPC and an IDC. For details, see Configuring Protection Rules to Block or Allow VPC Border Traffic.
If you want to export an IP address blacklist whose effective scope is NAT, set the name to ip-blacklist-nat.txt.
CFW can protect all cloud resources (EIPs, VPCs, and NAT gateways) in the current region and under the current account. Enable enterprise management, and select an enterprise project when purchasing CFW. In this case, CFW bills belong to this project.
Modifying a Private CIDR Block To use public network CIDR blocks other than 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, or the 100.64.0.0/10 segment reserved for carrier-level NAT as private network CIDR blocks, modify the CIDR private network segment or submit a service ticket to
string Protocol type app string Application type src_region_name string Source region name src_region_id string Source region ID dst_region_name string Destination region name dst_region_id string Destination region ID log_type string Log type. internet: Internet border traffic log nat
EIP NAT (Only the professional edition can protect NAT traffic.) Content Type Selects a type. File upload: Click Add. Only files in .txt or .csv format can be uploaded or text input is supported. Text input: Enter an IP address in the IP Address text box.
Figure 1 Traffic between a VPC and an IDC Figure 2 Traffic between VPCs Introduction to VPC Border Traffic Protection Supported Protected Objects VPC Virtual gateway (VGW) attachment VPN Global DC gateway (DGW) Protection Specifications The protection specifications of a VPC border
Constraints N/A Range internet (north-south logs), nat (NAT logs), vpc (east-west logs), or vgw (VGW logs) Default Value N/A type Yes String Definition Log type.
Constraints N/A Range internet (north-south logs), nat (NAT logs), vpc (east-west logs), or vgw (VGW logs) Default Value N/A direction No String Definition Session direction.
Constraints N/A Range internet (north-south logs), nat (NAT logs), vpc (east-west logs), or vgw (VGW logs) Default Value N/A start_time No Long Definition Start time. Constraints N/A Range Milliseconds-level timestamp. Default Value N/A end_time No Long Definition End time.
Request Parameters Table 3 Request body parameters Parameter Mandatory Type Description effect_scope No Array of integers Effective scope: 1 (the effective scope for deletion is EIP), 2 (the effective scope for deletion is NAT), 1,2 (the effective scope for deletion is EIP and NAT
The Elastic Cloud Servers (ECSs), NAT gateways, Elastic Load Balance (ELB), or other resources that are bound to EIPs can be protected.
Constraints N/A Range internet (north-south logs), nat (NAT logs), vpc (east-west logs), or vgw (VGW logs) Default Value N/A item Yes String Definition Aggregation type.
Range N/A nat Integer Definition NAT access control policy. Range N/A total Integer Definition Total number. Range N/A Table 14 AttackEvent Parameter Type Description changed Integer Definition Number of changes. Range N/A deny Integer Definition Number of blocked objects.