AliCloud Cloud Firewall is a cloud native cloud boundary network security protection product, which can provide unified Internet boundary, NAT boundary, VPC boundary, host boundary traffic control and security protection, including real-time intrusion prevention combined with intelligence, full flow visual analysis, intelligent access control, log traceability analysis and other capabilities,It is your sharp tool for network boundary protection and equal protection compliance.
Applicable to Internet access control and east-west traffic control
Number of public network IP that can be protected
50
Number of VPCs that can be protected
2
Purchase duration
1 year
Enquiry in progress
Product advantages
Second level access
There is no need to change the network architecture. One click open, second level access, and instant defense.Eliminates complex configurations
Flexible purchase
Small and medium-sized businesses can be paid as you go, and large and medium-sized businesses can be purchased in a monthly package. The purchase methods are rich and flexible
Cloud firewall can expand smoothly and elastically with the business, and the business is insensitive. At the same time, HA is built to ensure high stability
On cloud network boundary security integrated native protection
Refined access controlIt can uniformly manage Internet to business access control policies (north-south) and micro isolation policies between businesses (east-west), and provide 4-7 layers of refined access control, including access control based on IP, ports, applications, domain names, geographical locations, etc.
NAT firewall private network management and controlThe NAT firewall can only allow private network assets to access external designated domain names, applications, IP addresses, ports, geographical locations, etc. through fine control of the traffic of private network IP accessing the public network, effectively protecting the security of the enterprise's internal network and preventing data leakage and malicious attacks.
Intranet VPC isolation controlThe VPC boundary firewall helps you detect and control the traffic between VPCs of the VPC and between VPCs and the local data center, so as to control the access traffic between VPCs and between VPCs and local data, and to achieve fine access control, as well as intranet horizontal attack protection.
Real time intrusion detection and protectionThe cloud firewall has a built-in threat detection engine and threat intelligence, which can block and intercept malicious traffic intrusion activities and conventional attacks on the Internet in real time, including command execution, shell rebound, database attacks, mining trojans, viruses and worms.
Vulnerability virtual patch protectionThe cloud firewall can link with the cloud security center to discover the vulnerabilities of your public network assets that can be exploited by network side attacks, and provide virtual patch attack defense capabilities against such vulnerabilities, including zero day vulnerabilities, to prevent the assets from being invaded due to the exploitation of vulnerabilities in a timely manner.
Active Outreach Detection ProtectionIt supports active network side traffic analysis and detection of resources in the cloud, and assists users in judging malicious connection requests.It can show you the active external traffic session of the asset in real time, and help you find suspicious hosts and lost events in time.
Unified management of multiple accountsThe cloud firewall supports the ability to link AliCloud resource management, helping you achieve centralized security management and control of resources for multiple accounts, including unified asset protection access, unified configuration of security policies, unified attack protection, unified view of log reports, etc., to improve the security operation and maintenance efficiency.
Flow analysis visualizationVisual analysis shows all public network IP traffic information and traffic trend charts, inbound and outbound traffic access top statistics, as well as cross VPC traffic exchange trend charts and distribution, helping you to focus on the traffic trends and exceptions of public network assets and intranet assets in real time.
Comprehensive log audit analysisAll the traffic of the cloud firewall will be recorded in the log audit analysis, including traffic logs, event logs and operation logs, to help you audit your network traffic in real time, such as attack defense payload logs and access control hit logs, to help you achieve audit and traceability.
Application scenarios
Equal assurance compliance scenario
Unified security prevention and control of public network assets
Hybrid cloud scenario management and control
Reinsurance scenario
Equal assurance compliance scenario
Unified security prevention and control of public network assets
Hybrid cloud scenario management and control
Reinsurance scenario
Help you pass the waiting insurance smoothly
The deployment of cloud firewall can meet the specific requirements of equal protection compliance inspection for boundary protection, access control, intrusion prevention, malicious code and spam prevention, security audit, etc. in the second and third levels of equal protection 2.0.
Able to solve
Compliance problem of enterprise over grade guarantee
Deploying cloud firewalls can help enterprises meet the inspection requirements in the Equal Protection 2.0 for area boundary protection, network access control, network intrusion prevention, traffic security audit, etc
Necessary security capabilities for public network asset prevention and control
It provides automatic security protection capability for public network assets, and effectively protects attacks against users' public network assets by combining the network wide threat intelligence capability and virtual patch function.It also provides the sorting of public network assets and the control of public network asset access behavior.
Able to solve
On cloud public network asset exposure risk
Dealing with the security problems faced by the external exposure of cloud assets calmly
Policy specification issues
Help users comprehensively sort out the access policies from outside to inside and from inside to outside
By deploying cloud firewalls between multiple VPCs or between VPCs and IDCs, isolation control and horizontal attack protection between VPCs can be achieved. At the same time, hybrid cloud control scenarios of dedicated line protection between VPCs and IDCs can be supported.
Able to solve
Control and protection between VPCs
Cloud firewall can help you detect and control the traffic between multiple VPCs
VPC-IDC Mutual Access Security Risk
The control and protection capabilities between VPCs are also applicable to VPC-IDC.
Safety protection under strict protection requirements
Cloud firewall provides security guarantee capability for major events, and opens a stricter defense mode for you.When the re protection mode is enabled, the cloud firewall will automatically enable all security protection rules and security engines, improve the sensitivity of the alarm detection engine through intelligent rules, provide alarms for any suspicious intrusion and potential threats, and help you accurately identify and intercept all attacks and threats.
Able to solve
Malicious threat
Expand the blocking section of threat and attack traffic to help you detect more intrusion behaviors and potential threats
Traceability problem
Tracking Internet traffic logs and tracing security threats
Cloud firewall supports public network assets not being protected and intrusion interception not being enabled for alarm notification to improve security effect
View details
2021-01-22 Function optimization
Cloud Firewall Traffic Analysis Active Outreach Statistical Analysis Optimization
View details
2021-01-28 New Features/Specifications
Cloud firewall traffic analysis support report download
View details
2021-02-04 New Features/Specifications
Cloud firewall supports the default intrusion prevention hierarchical interception mode
View details
2021-02-04 New Features/Specifications
Cloud Firewall Log Analysis Added Support Attack Defense Field Query Analysis
View details
2021-02-18 New Features/Specifications
The new overview page of cloud firewall supports statistical display of security protection and asset protection
View details
2021-02-18 Function optimization
Cloud firewall active outreach traffic analysis Threat intelligence tag types are rich
View details
2021-03-04 New Features/Specifications
Cloud firewall loss awareness supports attacks Payload convenient backtracking analysis
View details
2021-03-04 New Features/Specifications
Cloud firewall supports automatic protection alarm notification of new assets