Constraints N/A Range internet (north-south logs), nat (NAT logs), vpc (east-west logs), or vgw (VGW logs) Default Value N/A start_time No Long Definition Start time. Constraints N/A Range Milliseconds-level timestamp. Default Value N/A end_time No Long Definition End time.
Range N/A nat Integer Definition NAT access control policy. Range N/A total Integer Definition Total number. Range N/A Table 14 AttackEvent Parameter Type Description changed Integer Definition Number of changes. Range N/A deny Integer Definition Number of blocked objects.
) bound to the EIP. device_name String Name of the device (such as ECS and NAT) bound to the EIP. device_owner String Owner of the device (such as ECS and NAT) bound to the EIP. associate_instance_type String Type of the associated instance: NATGW, ELB, or PORT. fw_instance_name String
For a professional edition firewall, one or more EIP, NAT, or EIP and NAT records may be displayed, depending on the imported records. Calling Method For details, see Calling APIs.
It can be an EIP or NAT rule. Direction Traffic direction of the protection rule. Source The party that initiates a session. Destination The recipient of a session. Service Its value can be TCP, UDP, ICMP, or Any. Source Port: Source ports to be allowed or blocked.
The IP addresses can be separated by commas (,), semicolons (;), \r\n, \n, or \t. effect_scope No Array of integers Effective scope: 1 (EIP), 2 (NAT), or [1 2] (EIP and NAT).
Constraints N/A Range internet (north-south logs), nat (NAT logs), vpc (east-west logs), or vgw (VGW logs) Default Value N/A direction No String Definition Session direction.
Solution Overview When creating a VPN, you need to bind an EIP to connect the VPN gateway to the peer gateway. In this way, you can view the EIP information of the VPN gateway in the CFW protection list.
Constraints N/A Range internet (north-south logs), nat (NAT logs), vpc (east-west logs), or vgw (VGW logs) Default Value N/A item Yes String Definition Aggregation type.
NAT protection: Protect NAT traffic. Private IP addresses can be configured. EIP protection Direction Direction of protected traffic. Inbound: Traffic from external networks to the internal server. Outbound: Traffic from the customer server to external networks.
Figure 1 Internet border traffic protection Introduction to Internet Border Traffic Protection Protected Objects ECSs, NAT gateways, ELBs, and other resources bound to EIPs.
Address: www.example.test.api; Domain Description: api Domain Address: www.test.example.com; Domain Description: a domain name Domain Address: www.example.example.test; Domain Description: XX system Rule-ACL-Table: Order: 1 ACL Name: service A external connection Protection Rule: NAT
Constraints: If type is set to 0 (Internet rule) or 2 (NAT rule), the direction is mandatory. Range: 0: inbound (on-premises to cloud); 1: outbound (cloud to on-premises).
GET /v1/{project_id}/eips/protect cfw:eip:list ecs:cloudServers:list nat:natGateways:list vpc:publicIps:list √ √ Query EIP statistics. GET /v1/{project_id}/eip-count/{object_id} cfw:eipStatistics:get None √ √ Create an ACL rule.
To use public network CIDR blocks other than 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, or the 100.64.0.0/10 segment reserved for carrier-level NAT as private network CIDR blocks, modify private network CIDR blocks or submit a service ticket to expand your private IP CIDR blocks,
The source and destination addresses must be private IP addresses. 2: NAT rule. The source address must be a private IP address, and the destination address must be an EIP or a domain name.