lbelejka/cloud-firewall
1
0
Fork 0
forked from docs/cloud-firewall
Code Pull Requests Activity

Update content

Browse Source
This commit is contained in:
OpenTelekomCloud Proposal Bot 2024-06-03 09:20:09 +00:00
parent 89ab95b8f5
commit ce759726a8
48 changed files with 359 additions and 278 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
umn/source/_static/images/en-us_image_0000001525649726.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 766 B

BIN
umn/source/_static/images/en-us_image_0000001658973104.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 18 KiB

BIN
umn/source/_static/images/en-us_image_0000001858653300.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 283 B

BIN
umn/source/_static/images/en-us_image_0000001858812060.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.1 KiB

BIN
umn/source/_static/images/en-us_image_0000001904972049.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.1 KiB

226
umn/source/auditing_logs/log_management/adding_alarm_notifications.rst
View File

File diff suppressed because it is too large Load Diff

2
umn/source/auditing_logs/log_management/changing_the_log_storage_duration.rst
View File

@ -23,6 +23,6 @@ Procedure
.. note::
- Logs can be stored for 1 to 360 days. Logs that exceed the specified storage duration are automatically deleted.
- The longer the storage duration, the larger the occupied storage. For details about how to dump logs to other cloud services for long-term storage, see .
- The longer the storage duration, the larger the occupied storage. For details about how to dump logs to other cloud services for long-term storage, see **Log Tank Service User Guide> Log Transfer**.
.. |image1| image:: /_static/images/en-us_image_0000001259322747.png

2
umn/source/auditing_logs/log_management/log_field_description.rst
View File

@ -51,6 +51,8 @@ Attack Event Logs
| | | |
| | | - **permit** |
| | | - **deny** |
| | | - **block** |
| | | - **drop** |
+-----------------------+-----------------------+-----------------------------------------------------------+
| packet | string | Original data packet of the attack log. |
| | | |

70
umn/source/auditing_logs/querying_logs.rst
View File

@ -40,41 +40,41 @@ Attack Event Logs
.. table:: **Table 1** Attack event log parameters
+----------------------------+-----------------------------------------------------------------------------------------+
| Parameter | Description |
+============================+=========================================================================================+
| Time | Time when an attack occurred. |
+----------------------------+-----------------------------------------------------------------------------------------+
| Attack Event Type | Type of the attack event, including IMAP, DNS, FTP, HTTP, POP3, TCP, and UDP. |
+----------------------------+-----------------------------------------------------------------------------------------+
| Severity | It can be **Critical**, **High**, **Medium**, or **Low**. |
+----------------------------+-----------------------------------------------------------------------------------------+
| Rule ID | Rule ID |
+----------------------------+-----------------------------------------------------------------------------------------+
| Hit Rule Name | Matched rule in the library. |
+----------------------------+-----------------------------------------------------------------------------------------+
| Source IP Address | Source IP address of an attack event. |
+----------------------------+-----------------------------------------------------------------------------------------+
| Source Country/Region | Geographical location of the attack source IP address. |
+----------------------------+-----------------------------------------------------------------------------------------+
| Source Port | Source port of an attack. |
+----------------------------+-----------------------------------------------------------------------------------------+
| Destination IP Address | Attacked IP address. |
+----------------------------+-----------------------------------------------------------------------------------------+
| Destination Country/Region | Geographical location of the attack target IP address. |
+----------------------------+-----------------------------------------------------------------------------------------+
| Destination Port | Destination port of an attack. |
+----------------------------+-----------------------------------------------------------------------------------------+
| Protocol | Protocol type of an attack. |
+----------------------------+-----------------------------------------------------------------------------------------+
| Application | Application type of an attack. |
+----------------------------+-----------------------------------------------------------------------------------------+
| Direction | It can be outbound or inbound. |
+----------------------------+-----------------------------------------------------------------------------------------+
| Action | Action taken on an event. It can be **Observe**, **Block**, or **Allow**. |
+----------------------------+-----------------------------------------------------------------------------------------+
| Operation | You can click **Details** to view the basic information and attack payload of an event. |
+----------------------------+-----------------------------------------------------------------------------------------+
+----------------------------+-------------------------------------------------------------------------------------+
| Parameter | Description |
+============================+=====================================================================================+
| Time | Time when an attack occurred. |
+----------------------------+-------------------------------------------------------------------------------------+
| Attack Type | Type of the attack event, including IMAP, DNS, FTP, HTTP, POP3, TCP, and UDP. |
+----------------------------+-------------------------------------------------------------------------------------+
| Severity | It can be **Critical**, **High**, **Medium**, or **Low**. |
+----------------------------+-------------------------------------------------------------------------------------+
| Rule ID | Rule ID |
+----------------------------+-------------------------------------------------------------------------------------+
| Rule Name | Matched rule in the library. |
+----------------------------+-------------------------------------------------------------------------------------+
| Source IP Address | Source IP address of an attack event. |
+----------------------------+-------------------------------------------------------------------------------------+
| Source Country/Region | Geographical location of the attack source IP address. |
+----------------------------+-------------------------------------------------------------------------------------+
| Source Port | Source port of an attack. |
+----------------------------+-------------------------------------------------------------------------------------+
| Destination IP Address | Attacked IP address. |
+----------------------------+-------------------------------------------------------------------------------------+
| Destination Country/Region | Geographical location of the attack target IP address. |
+----------------------------+-------------------------------------------------------------------------------------+
| Destination Port | Destination port of an attack. |
+----------------------------+-------------------------------------------------------------------------------------+
| Protocol | Protocol type of an attack. |
+----------------------------+-------------------------------------------------------------------------------------+
| Application | Application type of an attack. |
+----------------------------+-------------------------------------------------------------------------------------+
| Direction | It can be outbound or inbound. |
+----------------------------+-------------------------------------------------------------------------------------+
| Action | The value can be **Allow**, **Block**, **Block IP**, or **Discard**. |
+----------------------------+-------------------------------------------------------------------------------------+
| Operation | You can click Details to view the basic information and attack payload of an event. |
+----------------------------+-------------------------------------------------------------------------------------+
.. _cfw_01_0139__section8485135919336:

16
umn/source/change_history.rst
View File

@ -5,8 +5,14 @@
Change History
==============
========== ===================================
Date Description
========== ===================================
2024-04-30 This is the first official release.
========== ===================================
+-----------------------------------+-----------------------------------------------------------------------------------------+
| Date | Description |
+===================================+=========================================================================================+
| 2024-05-28 | This is the second official release. |
| | |
| | Added: |
| | |
| | The concept of defense traffic in section :ref:`Concepts Related to CFW <cfw_01_0057>`. |
+-----------------------------------+-----------------------------------------------------------------------------------------+
| 2024-04-30 | This is the first official release. |
+-----------------------------------+-----------------------------------------------------------------------------------------+

6
umn/source/checking_the_cfw_dashboard.rst
View File

@ -105,13 +105,13 @@ Procedure
.. figure:: /_static/images/en-us_image_0000001772299481.png
:alt: **Figure 2** Security DashboardOperations Dashboard
:alt: **Figure 2** Security Dashboard
**Figure 2** Security DashboardOperations Dashboard
**Figure 2** Security Dashboard
.. _cfw_01_0009__table184404359171:
.. table:: **Table 4** Operations Dashboard
.. table:: **Table 4** Security Dashboard
+------------------------+-------------------------------------------------------------------+
| Parameter | Description |

10
umn/source/creating_cfws.rst
View File

@ -5,7 +5,7 @@
Creating CFWs
=============
This section describes how to createCFWs.
This section describes how to create CFWs.
Prerequisites
-------------
@ -15,7 +15,8 @@ The current account has the BSS Administrator and CFW FullAccess permissions.
Constraints
-----------
Cloud firewalls can be used in the selected region only. To use a cloud firewall in another region, switch to the corresponding region and then purchase it.
- Cloud firewalls can be used in the selected region only. To use a cloud firewall in another region, switch to the corresponding region and then purchase it.
- Only CFW instances in the enterprise project to which the current account belongs can be purchased.
Procedure
---------
@ -36,11 +37,6 @@ Procedure
| Billing Mode | **Pay-per-use** indicates that you will be charged for the protection on your workloads. |
+-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Region | Region where the cloud firewall is to be purchased. |
| | |
| | .. important:: |
| | |
| | NOTICE: |
| | Cloud firewalls can be used in the selected region only. To use a cloud firewall in another region, switch to the corresponding region and then purchase it. |
+-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Edition | Professional edition |
+-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

2
umn/source/faqs/about_functions/what_are_the_precautions_for_configuring_a_protection_rule_to_block_ip_addresses.rst
View File

@ -8,6 +8,6 @@ What Are the Precautions for Configuring a Protection Rule to Block IP Addresses
Pay attention to the following points when configuring a protection rule to block IP addresses:
#. You are advised to preferentially configure accurate IP addresses (for example, 192.168.10.5) to reduce network segment configurations and avoid incorrect interception.
#. Exercise caution when configuring protection rules to block reverse proxy IP addresses, and WAF. You are advised to configure protection rules or whitelist to permit reverse proxy IP addresses.
#. Exercise caution when configuring protection rules to block reverse proxy IP addresses, such as the WAF back-to-source IP addresses. You are advised to configure protection rules or whitelist to permit reverse proxy IP addresses.
#. Forward proxy IP addresses (such as company egress IP addresses) have a large impact scope. Exercise caution when configuring protection rules to block forward proxy IP addresses.
#. When configuring region protection, you need to consider the situation that the public IP address may be changed.

6
umn/source/faqs/consulting/can_waf_and_cfw_be_deployed_together.rst → umn/source/faqs/consulting/can_wafand_cfw_be_deployed_together.rst
View File

@ -2,12 +2,12 @@
.. _cfw_01_0242:
Can WAF, and CFW Be Deployed Together?
======================================
Can WAFand CFW Be Deployed Together?
====================================
Yes. WAF has two modes: exclusive mode and cloud mode. The traffic trend varies depending on the mode. The details are as follows:
- Exclusive mode mode: Internet -> CFW -> WAF (dedicated mode) -> Origin server
- Exclusive mode: Internet -> CFW -> WAF (dedicated mode) -> Origin server
- Cloud mode: Internet -> WAF (cloud mode) -> CFW -> Origin server
.. note::

4
umn/source/faqs/consulting/index.rst
View File

@ -10,7 +10,7 @@ Consulting
- :ref:`What Are the Differences Between CFW and WAF? <cfw_01_0040>`
- :ref:`What Are the Differences Between CFW, Security Groups, and Network ACLs? <cfw_01_0224>`
- :ref:`What Are the Priorities of the Protection Settings in CFW? <cfw_01_0208>`
- :ref:`Can WAF, and CFW Be Deployed Together? <cfw_01_0242>`
- :ref:`Can WAFand CFW Be Deployed Together? <cfw_01_0242>`
.. toctree::
:maxdepth: 1
@ -21,4 +21,4 @@ Consulting
what_are_the_differences_between_cfw_and_waf
what_are_the_differences_between_cfw_security_groups_and_network_acls
what_are_the_priorities_of_the_protection_settings_in_cfw
can_waf_and_cfw_be_deployed_together
can_wafand_cfw_be_deployed_together

28
umn/source/faqs/consulting/what_are_the_differences_between_cfw_and_waf.rst
View File

@ -5,7 +5,7 @@
What Are the Differences Between CFW and WAF?
=============================================
CFW and WAF are two different products to protect your Internet borders, VPC borders, and web services.
CFW and WAF are two different products that can be used to protect your Internet borders, VPC borders, and web services.
:ref:`Table 1 <cfw_01_0040__table1638919111237>` describes the differences between WAF and CFW.
@ -13,16 +13,16 @@ CFW and WAF are two different products to protect your Internet borders, VPC bor
.. table:: **Table 1** Differences between CFW and WAF
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Item | CFW | WAF |
+=======================+=============================================================================================================================================================================================================================================================================================================================================================================================================================================================================+======================================================================================================================================================================================================================================================================================================================================================================================================================+
| Definition | Cloud Firewall (CFW) is a next-generation cloud-native firewall. It protects Internet and VPC borders on the cloud by real-time intrusion detection and prevention, global unified access control, full traffic analysis, log audit, and tracing. It employs AI for intelligent defense, and can meet changing business needs, helping you easily handle security threats. CFW is a basic service that provides network security protection for user services on the cloud. | WAF keeps web services stable and secure. It examines all HTTP and HTTPS requests to detect and block the following attacks: Structured Query Language (SQL) injection, cross-site scripting (XSS), web shells, command and code injections, file inclusion, sensitive file access, third-party vulnerability exploits, Challenge Collapsar (CC) attacks, malicious crawlers, and cross-site request forgery (CSRF). |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Protection | - EIP and VPC borders | - Applicable to domain names, IP addresses, and web services on and off the cloud |
| | - Basic protection against web attacks | - Comprehensive protection against web attacks |
| | - Defense against external intrusions and protection of proactive connections to external systems | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Features | - Asset management and intrusion defense: It detects and defends against intrusions into cloud assets that are accessible over the Internet in real time. | WAF identifies and blocks a wide range of suspicious attacks, such as SQL injections, XSS attacks, web shell upload, command or code injections, file inclusion, unauthorized sensitive file access, third-party vulnerability exploits, CC attacks, malicious crawlers, and CSRF. |
| | - Access control: You can control access at Internet borders. | |
| | - Traffic Analysis and log audit: CFW controls, analyzes, and visualizes VPC traffic, audits logs, and traces traffic sources. | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Item | CFW | WAF |
+=======================+=======================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+======================================================================================================================================================================================================================================================================================================================================================================================================================+
| Definition | Cloud Firewall (CFW) is a next-generation cloud-native firewall. It protects the Internet border and VPC border on the cloud by real-time intrusion detection and prevention, global unified access control, full traffic analysis, log audit, and tracing. It employs AI for intelligent defense, and can meet changing business needs, helping you easily handle security threats. CFW is a basic service that provides network security protection for user services on the cloud. | WAF keeps web services stable and secure. It examines all HTTP and HTTPS requests to detect and block the following attacks: Structured Query Language (SQL) injection, cross-site scripting (XSS), web shells, command and code injections, file inclusion, sensitive file access, third-party vulnerability exploits, Challenge Collapsar (CC) attacks, malicious crawlers, and cross-site request forgery (CSRF). |
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Protection | - EIP border and VPC border | - Applicable to domain names, IP addresses, and web services on and off the cloud |
| | - Basic protection against web attacks | - Comprehensive protection against web attacks |
| | - Defense against external intrusions and protection of proactive connections to external systems | |
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Features | - Asset management and intrusion defense: It detects and defends against intrusions into cloud assets that are accessible over the Internet in real time. | WAF identifies and blocks a wide range of suspicious attacks, such as SQL injections, XSS attacks, web shell upload, command or code injections, file inclusion, unauthorized sensitive file access, third-party vulnerability exploits, CC attacks, malicious crawlers, and CSRF. |
| | - Access control: You can control access at Internet borders. | |
| | - Traffic Analysis and log audit: CFW controls, analyzes, and visualizes VPC traffic, audits logs, and traces traffic sources. | |
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

26
umn/source/faqs/consulting/what_are_the_differences_between_cfw_security_groups_and_network_acls.rst
View File

@ -13,16 +13,16 @@ CFW, security groups, and network ACLs allow you to set access control policies
.. table:: **Table 1** Differences between CFW, security groups, and network ACLs
+-------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Item | CFW | Security group | Network ACL |
+===================+=============================================================================================================================================================================================================================================================================================================================================================================================================================================================================+========================================================================================================================================================================================================================================================================================================================================================================+=================================================================================================================================================================================+
| Definition | Cloud Firewall (CFW) is a next-generation cloud-native firewall. It protects Internet and VPC borders on the cloud by real-time intrusion detection and prevention, global unified access control, full traffic analysis, log audit, and tracing. It employs AI for intelligent defense, and can meet changing business needs, helping you easily handle security threats. CFW is a basic service that provides network security protection for user services on the cloud. | A security group is a collection of access control rules for instances, such as cloud servers, containers, and databases, that have the same security requirements and that are mutually trusted within a VPC. You can define different access control rules for a security group, and these rules are then applied to all the instances added to this security group. | A network ACL is an optional layer of security for your subnets. After you associate one or more subnets with a network ACL, you can control traffic in and out of the subnets. |
+-------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Protected objects | - Internet boundary | ECS | Subnet |
| | - VPC boundary | | |
| | - SNAT scenario | | |
+-------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Features | - Filtering by 5-tuple (source IP address, destination IP address, protocol, source port, and destination port) | Filtering by 3-tuple (protocol, port, and peer IP address) | Filtering by 5-tuple (source IP address, destination IP address, protocol, source port, and destination port) |
| | - Filtering by geographical location, domain name, domain name group, and blacklist/whitelist | | |
| | - Intrusion prevention system (IPS) and antivirus (AV). | | |
+-------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Item | CFW | Security group | Network ACL |
+===================+=======================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+========================================================================================================================================================================================================================================================================================================================================================================+=================================================================================================================================================================================+
| Definition | Cloud Firewall (CFW) is a next-generation cloud-native firewall. It protects the Internet border and VPC border on the cloud by real-time intrusion detection and prevention, global unified access control, full traffic analysis, log audit, and tracing. It employs AI for intelligent defense, and can meet changing business needs, helping you easily handle security threats. CFW is a basic service that provides network security protection for user services on the cloud. | A security group is a collection of access control rules for instances, such as cloud servers, containers, and databases, that have the same security requirements and that are mutually trusted within a VPC. You can define different access control rules for a security group, and these rules are then applied to all the instances added to this security group. | A network ACL is an optional layer of security for your subnets. After you associate one or more subnets with a network ACL, you can control traffic in and out of the subnets. |
+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Protected objects | - Internet boundary | ECS | Subnet |
| | - VPC boundary | | |
| | - SNAT scenario | | |
+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Features | - Filtering by 5-tuple (source IP address, destination IP address, protocol, source port, and destination port) | Filtering by 3-tuple (protocol, port, and peer IP address) | Filtering by 5-tuple (source IP address, destination IP address, protocol, source port, and destination port) |
| | - Filtering by geographical location, domain name, domain name group, and blacklist/whitelist | | |
| | - Intrusion prevention system (IPS) and antivirus (AV). | | |
+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

2
umn/source/faqs/network_traffic/how_does_cfw_collect_traffic_statistics.rst
View File

@ -10,4 +10,4 @@ Currently, CFW collects traffic statistics based on sessions. Traffic data is re
.. note::
- The overall traffic of the session is counted from the time the session starts to the time it ends.
- The Internet border involves inbound and outbound traffic, or internet originated traffic and server originated traffic.
- The Internet border involves inbound (internet originated) traffic and outbound (server originated) traffic.

2
umn/source/faqs/network_traffic/index.rst
View File

@ -5,7 +5,6 @@
Network Traffic
===============
- :ref:`What Does Traffic Analysis Provide? <cfw_01_0018>`
- :ref:`How Does CFW Collect Traffic Statistics? <cfw_01_0027>`
- :ref:`What Are the Differences Between the Data Displayed in Traffic Trend Module and the Traffic Analysis Page? <cfw_01_0243>`
@ -13,6 +12,5 @@ Network Traffic
:maxdepth: 1
:hidden:
what_does_traffic_analysis_provide
how_does_cfw_collect_traffic_statistics
what_are_the_differences_between_the_data_displayed_in_traffic_trend_module_and_the_traffic_analysis_page

2
umn/source/faqs/network_traffic/what_are_the_differences_between_the_data_displayed_in_traffic_trend_module_and_the_traffic_analysis_page.rst
View File

@ -7,7 +7,7 @@ What Are the Differences Between the Data Displayed in Traffic Trend Module and
The methods of collecting traffic statistics on the two modules are different.
- The **Traffic Trend** area on the **Dashboard** page displays the inbound, outbound, and inter-VPC traffic based on traffic statistics in real time.
- The **Traffic Trend** area on the **Dashboard** page displays the inbound, inter-VPC, and outbound traffic based on traffic statistics in real time.
- In the **Traffic Analysis** module, traffic data is collected based on session statistics and reported when the connection is terminated. The following traffic data is displayed:
- **Inbound Traffic**

8
umn/source/faqs/network_traffic/what_does_traffic_analysis_provide.rst
View File

@ -1,8 +0,0 @@
:original_name: cfw_01_0018.html
.. _cfw_01_0018:
What Does Traffic Analysis Provide?
===================================
On the **Traffic Analysis** page, you can view the internet inbound and outbound traffic and attack trend of your assets in the **Last 1 hour**, **Last 24 hours**, and **Last 7 days**.

10
umn/source/faqs/troubleshooting/how_do_i_troubleshoot_cfw_protection_when_service_traffic_is_abnormal.rst
View File

@ -42,7 +42,7 @@ Troubleshooting Methods
#. .. _cfw_01_0248__li19523175915569:
If services are restored after EIP protection or the VPC border firewall is disabled, you are advised to disable firewall protection.
If services are restored after the EIP protection or the VPC border firewall is disabled, you are advised to disable firewall protection.
#. (Optional) To monitor the firewall status and quickly check exceptions, you are advised to configure CFW alarm rules on the Cloud Eye console. For details, see :ref:`CFW Monitored Metrics <cfw_01_0136>`.
@ -107,7 +107,7 @@ The firewall administrator took the following measures:
.. caution::
According to :ref:`Figure 3 <cfw_01_0248__fig886815536237>`, there were three valid rules whose source IP addresses contain **xx.xx.xx.252**, including **Block-xxx-com** (with the highest priority), **Block-Malicious-Outreach**, and **Allow-Asia** (with the lowest priority). Besides the blocking rule **Block-Malicious-Outreach**, the administrator checked whether the two other two rules may intercept normal services.
According to :ref:`Figure 3 <cfw_01_0248__fig886815536237>`, there were three valid rules whose source IP addresses contain **xx.xx.xx.126**, including **Block-xxx-com** (with the highest priority), **Block-Malicious-Outreach**, and **Allow-Asia** (with the lowest priority). Besides the blocking rule **Block-Malicious-Outreach**, the administrator checked whether the two other two rules may intercept normal services.
Finally, it is found that the EIP accessed suspicious IP addresses so that an administrator configured a blocking rule it, but the configured destination was incorrect. As a result, all external traffic is blocked by mistake (see the second protection rule in :ref:`Figure 3 <cfw_01_0248__fig886815536237>`).
@ -137,7 +137,7 @@ The firewall administrator took the following measures:
During this period, the firewall did not intercept attack traffic but only logged the attack traffic.
#. The administrator chose **Log Audit** > **Log Query** and clicked the **Attack Event Logs** tab. The logs about the access to the destination IP address **xx.xx.xx.99** were displayed. The IPS rule whose ID was **334841** blocked the traffic.
#. The administrator chose **Log Audit** > **Log Query** and clicked the **Attack Event Logs** tab. The logs about the access to the destination IP address **xx.xx.xx.99** were displayed. The IPS rule whose ID was 334841 blocked the traffic.
.. figure:: /_static/images/en-us_image_0000001749911812.png
@ -145,7 +145,7 @@ The firewall administrator took the following measures:
**Figure 4** Filtering attack event logs
#. The administrator clicked **Details** in the **Operation** column, clicked **Payload Content** in the display page, and created a packet capture task to determine that the service is normal. The administrator searched for the rule whose ID is **334841** from the list on the **Basic Protection** tab page by referring to :ref:`Modifying the Action of a Basic Protection Rule <cfw_01_0169>`.
#. The administrator clicked **Details** in the **Operation** column, clicked **Payload Content** in the display page, and created a packet capture task to determine that the service is normal. The administrator searched for the rule whose ID is 334841 from the list on the **Basic Protection** tab page by referring to :ref:`Modifying the Action of a Basic Protection Rule <cfw_01_0169>`.
.. figure:: /_static/images/en-us_image_0000001796836733.png
@ -155,6 +155,6 @@ The firewall administrator took the following measures:
#. The administrator clicked **Observe** in the **Operation** column. This rule did not block the traffic matching the signature but only logged the traffic.
#. The administrator set the protection mode to **Intercept mode - strict** and went to the **Basic Protection** tab to confirm that the **Current Status** of the rule **334841** was still **Observe**.
#. The administrator set the protection mode to **Intercept mode - strict** and went to the **Basic Protection** tab to confirm that the **Current Status** of the rule 334841 was still **Observe**.
#. In the **Attack Event Logs** tab, after the service session matched the rule, the **Action** of the log was **Allow**. The service was restored.

42
umn/source/faqs/troubleshooting/how_does_cfw_detect_and_defend_against_attacks_exploiting_the_apache_log4j_remote_code_execution_vulnerability.rst
View File

@ -1,42 +0,0 @@
:original_name: cfw_01_0058.html
.. _cfw_01_0058:
How Does CFW Detect and Defend Against Attacks Exploiting the Apache Log4j Remote Code Execution Vulnerability?
===============================================================================================================
Apache Log4j2 has a remote code execution vulnerability (CVE-2021-44228). When Apache Log4j2 processes user input during log processing, attackers can construct special requests to trigger remote code execution. The POC has been disclosed and the risk is high.
On December 16, Apache announced that in versions earlier than 2.16.0, there was a remote code execution vulnerability (CVE-2021-45046).
Apache Log4j2 is a widely used Java-based logging utility. If you are an Apache Log4j2 user, check your system and implement timely security hardening.
CFW can detect and intercept the Apache Log4j2 remote code execution vulnerability.
Vulnerability Name
------------------
Apache Log4j remote code execution vulnerability
Affected Products
-----------------
Affected versions:
2.0-beat9 <= Apache Log4j 2.x < 2.16.0 (Version 2.12.2 is not affected.)
Affected applications and components: spring-boot-starter-log4j2, Apache Solr, Apache Flink, and Apache Druid.
Secure versions:
Apache Log4j 1.x
Apache Log4j 2.16.0
Mitigation
----------
#. Log in to the CFW console and perform the following operations:
a. Purchase the CFW standard edition..
b. Enable **Basic protection** on the **Intrusion Prevention** page and set **Action** to **Block**. For details, see :ref:`Configuring Intrusion Prevention <cfw_01_0032>`.

29
umn/source/faqs/troubleshooting/how_does_cfw_detect_and_defend_against_attacks_exploiting_the_spring_framework_remote_code_execution_vulnerability.rst
View File

@ -1,29 +0,0 @@
:original_name: cfw_01_0072.html
.. _cfw_01_0072:
How Does CFW Detect and Defend Against Attacks Exploiting the Spring Framework Remote Code Execution Vulnerability?
===================================================================================================================
Spring Framework is a lightweight open-source application framework for developing enterprise Java applications. A remote code execution vulnerability (CVE-2022-22965) was disclosed in the Spring framework and classified as critical. This vulnerability can be exploited to attack Java applications running on JDK 9 or later versions.
CFW can detect and intercept attacks that exploit the Spring Framework remote code execution vulnerability.
Vulnerability Name
------------------
Spring Framework remote code execution vulnerability
Affected Versions
-----------------
- JDK 9 or later
- Applications developed using the Spring Framework or derived framework
Mitigation
----------
#. Log in to the CFW console and perform the following operations:
a. Purchase the CFW standard edition..
b. Enable **Basic protection** on the **Intrusion Prevention** page and set **Action** to **Block**. For details, see :ref:`Configuring Intrusion Prevention <cfw_01_0032>`.

4
umn/source/faqs/troubleshooting/index.rst
View File

@ -10,8 +10,6 @@ Troubleshooting
- :ref:`Why Does a Configured Policy Not Take Effect? <cfw_01_0079>`
- :ref:`What Do I Do If IPS Blocks Normal Services? <cfw_01_0225>`
- :ref:`What Do I Do If There Is No Data in Access Control Logs? <cfw_01_0209>`
- :ref:`How Does CFW Detect and Defend Against Attacks Exploiting the Apache Log4j Remote Code Execution Vulnerability? <cfw_01_0058>`
- :ref:`How Does CFW Detect and Defend Against Attacks Exploiting the Spring Framework Remote Code Execution Vulnerability? <cfw_01_0072>`
.. toctree::
:maxdepth: 1
@ -22,5 +20,3 @@ Troubleshooting
why_does_a_configured_policy_not_take_effect
what_do_i_do_if_ips_blocks_normal_services
what_do_i_do_if_there_is_no_data_in_access_control_logs
how_does_cfw_detect_and_defend_against_attacks_exploiting_the_apache_log4j_remote_code_execution_vulnerability
how_does_cfw_detect_and_defend_against_attacks_exploiting_the_spring_framework_remote_code_execution_vulnerability

6
umn/source/faqs/troubleshooting/what_do_i_do_if_ips_blocks_normal_services.rst
View File

@ -36,10 +36,4 @@ Querying Hit Rules and Modifying Protection Actions
- **Observe**: The firewall logs the traffic that matches the current rule and does not block the traffic.
- **Disable**: The firewall does not log or block the traffic that matches the current rule.
.. figure:: /_static/images/en-us_image_0000001658973104.png
:alt: **Figure 2** Changing the protection mode of a rule
**Figure 2** Changing the protection mode of a rule
.. |image1| image:: /_static/images/en-us_image_0000001259322747.png

4
umn/source/managing_acl_rules/adding_a_protection_rule.rst
View File

@ -66,7 +66,7 @@ Adding an Internet Boundary Protection Rule
| | - Only the professional edition supports the configuration of rule types. | |
| | - To configure **NAT**, ensure that: | |
| | | |
| | - The professional edition has been enabled.. | |
| | - The professional edition has been enabled. | |
| | - The VPC border firewalls have been configured. | |
+--------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------+
| Name | Name of the custom security policy. | test |
@ -111,7 +111,7 @@ Adding an Internet Boundary Protection Rule
| | .. note:: | |
| | | |
| | - To protect the domain names of HTTP and HTTPS applications, you can select any options. | |
| | - To protect the wildcard domain names of HTTP and HTTPS applications applications, select **Application** and then select any option from the drop-down list. | |
| | - To protect the wildcard domain names of HTTP and HTTPS applications, select **Application** and then select any option from the drop-down list. | |
| | - To protect a single domain name of other application types (such as FTP, MySQL, and SMTP), select **Network** and select any option from the drop-down list. (If **Application Domain Name Group** is selected, up to 600 IP addresses can be resolved.) | |
| | - To protect multiple domain names of other application types (such as FTP, MySQL, and SMTP), select **Network** and **Network Domain Group** from the drop-down list. | |
| | - If you need to configure the wildcard domain names or application domain name groups of the HTTP/HTTPS applications, and the network domain groups of other application types for the same domain name, ensure that the priority of the **Network** protection rule is higher than that of the **Application** protection rule. | |

4
umn/source/managing_acl_rules/managing_domain_name_groups/adding_a_domain_name_group.rst
View File

@ -26,9 +26,9 @@ Constraints
**Network Domain Name Group (Layer 4 Protocol Parsing)**
- A domain name group can have up to 15 domain names.
- Each domain name can resolve up to 1000 IP addresses.
- Each domain name can resolve up to 1,000 IP addresses.
- Each domain name group can resolve up to 1,500 IP addresses.
- A firewall instance can have up to 1000 domain names.
- A firewall instance can have up to 1,000 domain names.
Procedure
---------

2
umn/source/managing_acl_rules/managing_ip_address_groups/adding_an_ip_address.rst
View File

@ -20,6 +20,7 @@ Procedure
- To add IP addresses in batches, enter the IP addresses in the text box and click **Parse**.
- To add a single IP address, click **Add**, and enter the IP address and description.
#. In the **Add IP Address** dialog box, add IP addresses. You can click |image2| to add more IP addresses.
#. Confirm the information and click **OK**.
Related Operation
@ -28,3 +29,4 @@ Related Operation
Batch deletion: In the **IP Addresses** area, select IP addresses and click **Delete** above the list.
.. |image1| image:: /_static/images/en-us_image_0000001259322747.png
.. |image2| image:: /_static/images/en-us_image_0000001525649726.png

2
umn/source/managing_acl_rules/managing_protection_rules/checking_the_acl_rule_list.rst
View File

@ -26,7 +26,7 @@ Procedure
| | |
| | A smaller value indicates a higher priority. |
+-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Name | Custom rule name . |
| Name | Custom rule name |
+-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Direction | Traffic direction of the protection rule. |
+-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+

8
umn/source/managing_acl_rules/managing_protection_rules_in_batches.rst
View File

@ -102,11 +102,11 @@ Parameters of Rule Import Template - Protection Rule Table (Internet Border Prot
+---------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source Continent Region | If **Source Address Type** is set to **Region**, you need to configure **Source Continent Region**. | AS: Asia |
| | | |
| | Enter the continent information according to the continent-region-info table. | |
| | Enter the continent information according to the **continent-region-info** sheet of the template table. | |
+---------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source Country Region | If **Source Address Type** is set to **Region**, you need to configure **Source Country Region**. | DE: Germany |
| | | |
| | Enter the country information according to the country-region-info table. | |
| | Enter the country information according to the **country-region-info** sheet of the template table. | |
+---------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination Address Type | Destination address type of data packets in the access traffic. | IP Address Group |
| | | |
@ -126,11 +126,11 @@ Parameters of Rule Import Template - Protection Rule Table (Internet Border Prot
+---------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination Continent Region | If **Destination Address Type** is set to **Region**, you need to set **Destination Continent Region**. | AS: Asia |
| | | |
| | Enter the continent information according to the continent-region-info table. | |
| | Enter the continent information according to the **continent-region-info** sheet of the template table. | |
+---------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination Country Region | If **Destination Address Type** is set to **Region**, you need to set **Destination Country Region**. | DE: Germany |
| | | |
| | Enter the country information according to the country-region-info table. | |
| | Enter the country information according to the **country-region-info** sheet of the template table. | |
+---------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Domain Name | If **Destination Address Type** is set to **Domain Name**, you must configure this parameter. | www.example.com |
| | | |

8
umn/source/managing_basic_protection_rules/customizing_ips_signatures.rst
View File

@ -108,6 +108,14 @@ Procedure
| | |
| | - **Head**: The start position depends on the **Offset** from the head. For example, if **Offset** is **10**, the content check starts from the eleventh bit. |
| | |
| | .. note:: |
| | |
| | If **Content Option** is set to **URL**, the matching position of the header starts from the end of the domain name (including the port number). |
| | |
| | For example, if the URL is www.example.com/test and the **Offset** is **0**, the content check starts from the slash (/) following **com**. |
| | |
| | If the URL is www.example.com:80/test and the **Offset** is **0**, the content check starts from the slash (/) after **80**. |
| | |
| | - **After previous content**: Packet capture starts from the specified position. |
| | |
| | Formula: Start position = Length of the previous **Content** field + Previous **Offset** + **Offset** + 1 |

7
umn/source/managing_eip_protection/enabling_eip_protection.rst
View File

@ -16,20 +16,16 @@ Constraints
- Currently, IPv6 addresses cannot be protected.
- An EIP can only be protected by one firewall.
- Only EIPs in the enterprise project to which the current account belongs can be protected.
Procedure
---------
#. Log in to the management console.
#. In the navigation pane on the left, click |image1| and choose **Security** > **Cloud Firewall**. The **Dashboard** page will be displayed.
#. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click **View** in the **Operation** column to go to the details page.
#. In the navigation pane, choose **Assets** > **EIPs**. The EIP page is displayed. The EIP information is automatically updated to the list.
(Optional) Manually refresh the list. Click **Synchronize EIP** in the upper right corner of the page to import your EIP information to the list and refresh the EIP list.
5. Enable EIP protection.
- Enable protection for a single EIP. In the row of the EIP, click **Enable Protection** in the **Operation** column.
@ -39,6 +35,7 @@ Procedure
- Currently, IPv6 addresses cannot be protected.
- An EIP can only be protected by one firewall.
- Only EIPs in the enterprise project to which the current account belongs can be protected.
6. On the page that is displayed, check the information and click **Bind and Enable**. Then the **Protection Status** changes to **Protected**.

14
umn/source/managing_vpc_border_firewalls/enterprise_router_mode/configuring_an_enterprise_router.rst
View File

@ -36,16 +36,18 @@ Procedure
#. In the navigation pane on the left, click |image1| and choose **Security** > **Cloud Firewall**. The **Dashboard** page will be displayed.
#. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click **View** in the **Operation** column to go to the details page.
#. In the navigation pane, choose **Assets** > **Inter-VPC Border Firewalls**.
#. Choose **Configure Enterprise Router**. On the displayed page, add attachments to an enterprise router. For details about the attachment types that can be added, see .
#. Click **Configure Enterprise Router**. On the displayed page, add attachments to an enterprise router. For details about the attachment types that can be added, see *Attachment Overview* in *Enterprise Router User Guide*.
Assume you want to protect two VPCs. (At least two VPC attachments are required to connect the two VPCs to the enterprise router.) For details, see section *Adding VPC Attachments to an Enterprise Router* in "ER User Guide".
.. note::
- Add at least three connections, for example, the firewall connection **cfw-er-auto** (automatically generated after the firewall is created), the VPC1 connection **vpc-1**, and the VPC2 connection **vpc-2**.
- To use the enterprise router of account A to protect VPCs under account B, share the router with account B. For details, see .
- To use the enterprise router of account A to protect VPCs under account B, share the router with account B, and add an attachment in account B. For details, see *Creating a Sharing* in *Enterprise Router User Guide*. Subsequent configurations should still be performed on account A.
#. Create two route tables to connect to the firewall and the VPC to be protected, respectively.
@ -113,7 +115,7 @@ Procedure
#. .. _cfw_01_0236__en-us_topic_0000001636523073_li0478194414719:
Configure the association and routing.
Configure the association and propagation.
a. Select the route table to be connected to the firewall. Click the **Associations** tab and click **Create Association**.
@ -142,7 +144,7 @@ Procedure
+-----------------+--------------------------------------------------------+---------------+
| Parameter | Description | Example Value |
+=================+========================================================+===============+
| Connection Type | Select **VPC**. | VPC |
| Attachment Type | Select **VPC**. | VPC |
+-----------------+--------------------------------------------------------+---------------+
| Attachment | Select an item from the **Attachment** drop-down list. | er-attach-02 |
+-----------------+--------------------------------------------------------+---------------+
@ -167,7 +169,7 @@ Ping ECSs in the VPC from each other to check whether they can properly communic
**Troubleshooting**
#. Check whether the two route tables of the enterprise router are correctly configured. For details, see :ref:`Step 6 <cfw_01_0236__en-us_topic_0000001636523073_li19994174475>` and :ref:`Step 7 <cfw_01_0236__en-us_topic_0000001636523073_li0478194414719>`.
#. Check whether the two route tables of the enterprise router are correctly configured. For details, see :ref:`Step 7 <cfw_01_0236__en-us_topic_0000001636523073_li19994174475>` and :ref:`Step 8 <cfw_01_0236__en-us_topic_0000001636523073_li0478194414719>`.
#. Check whether the default route table of the VPC directs routes to the enterprise router.
@ -182,7 +184,7 @@ Ping ECSs in the VPC from each other to check whether they can properly communic
+-----------------------+-------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
+=======================+===========================================================================================+=======================+
| Destination Address | Destination CIDR block. | 192.168.0.0/16 |
| Destination | Destination CIDR block. | 192.168.0.0/16 |
| | | |
| | A route destination must be unique, and cannot overlap with any subnets in the VPC. | |
| | | |

2
umn/source/managing_vpc_border_firewalls/enterprise_router_mode/creating_a_vpc_border_firewall.rst
View File

@ -20,6 +20,8 @@ Procedure
#. In the navigation pane on the left, click |image1| and choose **Security** > **Cloud Firewall**. The **Dashboard** page will be displayed.
#. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click **View** in the **Operation** column to go to the details page.
#. In the navigation pane, choose **Assets** > **Inter-VPC Border Firewalls**.
#. Configure the subnets associated with the enterprise router and the cloud firewall, respectively. Click **Create Firewall**. Configure the enterprise router and associated subnets.

1
umn/source/managing_vpc_border_firewalls/enterprise_router_mode/enabling_or_disabling_a_vpc_border_firewall.rst
View File

@ -23,6 +23,7 @@ Procedure
#. Log in to the management console.
#. In the navigation pane on the left, click |image1| and choose **Security** > **Cloud Firewall**. The **Dashboard** page will be displayed.
#. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click **View** in the **Operation** column to go to the details page.
#. In the navigation pane, choose **Assets** > **Inter-VPC Border Firewalls**.
#. In the **Operation** column, click **Enable Protection** or **Disable Protection**.

1
umn/source/managing_vpc_border_firewalls/vpc_border_firewall_overview.rst
View File

@ -47,6 +47,7 @@ Constraints
- Only the professional edition supports VPC border firewalls.
- Traffic diversion depends on the enterprise router in enterprise router mode.
- Only VPCs in the enterprise project to which the current account belongs can be protected.
Configuration Process
---------------------

2
umn/source/managing_vpc_border_firewalls/vpc_mode/step_4_enable_or_disable_a_vpc_border_firewall.rst
View File

@ -29,7 +29,7 @@ Disabling a Firewall
Follow-up Operations
--------------------
To add a protected VPC after a firewall is enabled, Perform the operations in :ref:`Associating a Protected VPC with the Firewall <cfw_01_0203__section8154163010584>` and :ref:`Step 3: Configure Routes on the VPC Side <cfw_01_0204>`.
To add a protected VPC after a firewall is enabled, perform the operations in :ref:`Associating a Protected VPC with the Firewall <cfw_01_0203__section8154163010584>` and :ref:`Step 3: Configure Routes on the VPC Side <cfw_01_0204>`.
.. |image1| image:: /_static/images/en-us_image_0000001259322747.png
.. |image2| image:: /_static/images/en-us_image_0000001259322747.png

13
umn/source/product_overview/concepts_related_to_cfw.rst
View File

@ -10,6 +10,19 @@ Concepts Related to CFW
A 5-tuple (or quintuple) consists of a source IP address, a destination IP address, a protocol, a source port, and a destination port.
Protected Traffic
-----------------
Inbound traffic is the traffic transferred from the Internet to CFW. For example, the traffic for downloading resources from the public network to servers in the cloud is the inbound traffic.
Outbound traffic is the traffic transferred from CFW to the Internet. For example, servers on the cloud provide services for external users, the traffic used by external users for downloading resources from the cloud is outbound traffic.
Protection bandwidth: bandwidth of all services protected by CFW.
Peak traffic at the Internet boundary: the maximum inbound or outbound traffic of all EIPs protected by CFW.
Peak traffic at the VPC boundary: the maximum total traffic of all VPCs protected by CFW.
Internet Border Firewall
------------------------

4
umn/source/product_overview/constraints_and_limitations.rst
View File

@ -54,9 +54,9 @@ Function Constraints and Limitations
| | **Network Domain Name Group (Layer 4 Protocol Parsing)** |
| | |
| | - A domain name group can have up to 15 domain names. |
| | - Each domain name can resolve up to 1000 IP addresses. |
| | - Each domain name can resolve up to 1,000 IP addresses. |
| | - Each domain name group can resolve up to 1,500 IP addresses. |
| | - A firewall instance can have up to 1000 domain names. |
| | - A firewall instance can have up to 1,000 domain names. |
+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Changing the action of a basic protection rule | - The action of a manually modified rule remains unchanged even if **Protection Mode** is changed. |
| | - The constraints on manually modified actions are as follows: |

16
umn/source/product_overview/features.rst
View File

@ -5,7 +5,7 @@
Features
========
CFW provides the and the professional edition. You can use access control, intrusion prevention, traffic analysis, and log audit functions on the console.
CFW provides the **professional edition**. You can use access control, intrusion prevention, traffic analysis, and log audit functions on the console.
.. table:: **Table 1** Features
@ -14,7 +14,7 @@ CFW provides the and the professional edition. You can use access control, intru
+===================================+=================================================================================================================================================================================================+
| Dashboard | You can check basic information about firewall instances, resource protection, and more statistics. |
+-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Assets | You can check and manage EIPs. |
| Assets | Manage and view data and information about your EIPs and VPCs. |
+-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Access Control | - You can control traffic at Internet and VPC borders based on IP addresses, regions, and domain names. |
| | - You can use the policy assistant to quickly check protection rule hits and adjust rules in a timely manner. |
@ -60,6 +60,8 @@ CFW provides the and the professional edition. You can use access control, intru
| | - Attack event logs, which contain details about intrusions |
| | - Access control logs, which contain details about what access is allowed and what is blocked |
| | - Traffic logs, which contain the access traffic of specific services |
| | |
| | You can use Log Tank Service (LTS) to record all CFW logs, including attack event, access control, and traffic logs. |
+-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| System Management | - DNS configuration: The DNS server resolves and delivers IP addresses. |
| | - Security report: Generates log reports to help you learn about the security status of assets in a timely manner. |
@ -67,8 +69,8 @@ CFW provides the and the professional edition. You can use access control, intru
.. table:: **Table 2** Engine
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+-----------------------------------------+
| Engine | Function | Protocol | Scenario |
+=================+=======================================================================================================================================================================================================================================================+=========================+=========================================+
| Firewall engine | The load balancing component distributes user traffic to the tenant firewall engine for security check and protection, and then sends the traffic to the target ECS. This engine provides various detection functions and flexible blocking policies. | TCP, UDP, ICMP, and Any | Protection for Internet and VPC borders |
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+-----------------------------------------+
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+-----------------------------------------------+
| Engine | Function | Protocol | Scenario |
+=================+=======================================================================================================================================================================================================================================================+=========================+===============================================+
| Firewall engine | The load balancing component distributes user traffic to the tenant firewall engine for security check and protection, and then sends the traffic to the target ECS. This engine provides various detection functions and flexible blocking policies. | TCP, UDP, ICMP, and Any | Protection for the border of Internet and VPC |
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------+-----------------------------------------------+

4
umn/source/product_overview/index.rst
View File

@ -9,8 +9,8 @@ Product Overview
- :ref:`Features <cfw_01_0003>`
- :ref:`Application Scenarios <cfw_01_0005>`
- :ref:`Constraints and Limitations <cfw_01_0189>`
- :ref:`Concepts Related to CFW <cfw_01_0057>`
- :ref:`Related Services <cfw_01_0007>`
- :ref:`Concepts Related to CFW <cfw_01_0057>`
.. toctree::
:maxdepth: 1
@ -20,5 +20,5 @@ Product Overview
features
application_scenarios
constraints_and_limitations
concepts_related_to_cfw
related_services
concepts_related_to_cfw

28
umn/source/product_overview/related_services.rst
View File

@ -35,22 +35,22 @@ Log Tank Service (LTS)
Differences from WAF
--------------------
CFW and WAF are two different products to protect your Internet borders, VPC borders, and web services.
CFW and WAF are two different products that can be used to protect your Internet borders, VPC borders, and web services.
The following table describes the differences between CFW and WAF.
.. table:: **Table 1** Differences between CFW and WAF
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Item | CFW | WAF |
+=======================+=============================================================================================================================================================================================================================================================================================================================================================================================================================================================================+======================================================================================================================================================================================================================================================================================================================================================================================================================+
| Definition | Cloud Firewall (CFW) is a next-generation cloud-native firewall. It protects Internet and VPC borders on the cloud by real-time intrusion detection and prevention, global unified access control, full traffic analysis, log audit, and tracing. It employs AI for intelligent defense, and can meet changing business needs, helping you easily handle security threats. CFW is a basic service that provides network security protection for user services on the cloud. | WAF keeps web services stable and secure. It examines all HTTP and HTTPS requests to detect and block the following attacks: Structured Query Language (SQL) injection, cross-site scripting (XSS), web shells, command and code injections, file inclusion, sensitive file access, third-party vulnerability exploits, Challenge Collapsar (CC) attacks, malicious crawlers, and cross-site request forgery (CSRF). |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Protection | - EIP and VPC borders | - Applicable to domain names, IP addresses, and web services on and off the cloud |
| | - Basic protection against web attacks | - Comprehensive protection against web attacks |
| | - Defense against external intrusions and protection of proactive connections to external systems | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Features | - Asset management and intrusion defense: It detects and defends against intrusions into cloud assets that are accessible over the Internet in real time. | WAF identifies and blocks a wide range of suspicious attacks, such as SQL injections, XSS attacks, web shell upload, command or code injections, file inclusion, unauthorized sensitive file access, third-party vulnerability exploits, CC attacks, malicious crawlers, and CSRF. |
| | - Access control: You can control access at Internet borders. | |
| | - Traffic Analysis and log audit: CFW controls, analyzes, and visualizes VPC traffic, audits logs, and traces traffic sources. | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Item | CFW | WAF |
+=======================+=======================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+======================================================================================================================================================================================================================================================================================================================================================================================================================+
| Definition | Cloud Firewall (CFW) is a next-generation cloud-native firewall. It protects the Internet border and VPC border on the cloud by real-time intrusion detection and prevention, global unified access control, full traffic analysis, log audit, and tracing. It employs AI for intelligent defense, and can meet changing business needs, helping you easily handle security threats. CFW is a basic service that provides network security protection for user services on the cloud. | WAF keeps web services stable and secure. It examines all HTTP and HTTPS requests to detect and block the following attacks: Structured Query Language (SQL) injection, cross-site scripting (XSS), web shells, command and code injections, file inclusion, sensitive file access, third-party vulnerability exploits, Challenge Collapsar (CC) attacks, malicious crawlers, and cross-site request forgery (CSRF). |
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Protection | - EIP border and VPC border | - Applicable to domain names, IP addresses, and web services on and off the cloud |
| | - Basic protection against web attacks | - Comprehensive protection against web attacks |
| | - Defense against external intrusions and protection of proactive connections to external systems | |
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Features | - Asset management and intrusion defense: It detects and defends against intrusions into cloud assets that are accessible over the Internet in real time. | WAF identifies and blocks a wide range of suspicious attacks, such as SQL injections, XSS attacks, web shell upload, command or code injections, file inclusion, unauthorized sensitive file access, third-party vulnerability exploits, CC attacks, malicious crawlers, and CSRF. |
| | - Access control: You can control access at Internet borders. | |
| | - Traffic Analysis and log audit: CFW controls, analyzes, and visualizes VPC traffic, audits logs, and traces traffic sources. | |
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

4
umn/source/product_overview/what_is_cfw.rst
View File

@ -5,7 +5,7 @@
What Is CFW?
============
Cloud Firewall (CFW) is a next-generation cloud-native firewall. It protects Internet and VPC borders on the cloud by real-time intrusion detection and prevention, global unified access control, full traffic analysis, log audit, and tracing. It employs AI for intelligent defense, and can meet changing business needs, helping you easily handle security threats. CFW is a basic service that provides network security protection for user services on the cloud.
Cloud Firewall (CFW) is a next-generation cloud-native firewall. It protects the Internet border and VPC border on the cloud by real-time intrusion detection and prevention, global unified access control, full traffic analysis, log audit, and tracing. It employs AI for intelligent defense, and can meet changing business needs, helping you easily handle security threats. CFW is a basic service that provides network security protection for user services on the cloud.
Intelligent Defense
-------------------
@ -20,7 +20,7 @@ CFW can implement refined control on all traffic, including Internet border, cro
Easy-to-Use Application
-----------------------
As a cloud-native firewall, can be enabled easily, import multi-engine security policies with a few clicks, automatically check assets within seconds, and provide a UI for performing operations, greatly improving management and defense efficiency.
As a cloud-native firewall, CFW can be enabled easily, import multi-engine security policies with a few clicks, automatically check assets within seconds, and provide a UI for performing operations, greatly improving management and defense efficiency.
Supported Access Control Policies
---------------------------------

4
umn/source/system_management/security_reports/creating_a_security_report.rst
View File

@ -59,6 +59,10 @@ Procedure
| Statistical Period | If **Report Type** is set to **Custom**, you need to set **Statistical Period**. |
+-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Report Schedule | When **Report Type** is set to **Daily** or **Weekly**, you need to set the report sending time. By default, the log report of the previous statistical period is sent. |
| | |
| | .. note:: |
| | |
| | To ensure correctness, the report sending time may be delayed. |
+-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Recipient Group | Select a topic from the drop-down list to configure the endpoints for receiving the log report. |
+-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

2
umn/source/traffic_analysis/viewing_inbound_traffic.rst
View File

@ -25,7 +25,7 @@ Procedure
- **Inbound Traffic**: Inbound request and response traffic.
- **Visualizations**: Top 5 items ranked by certain parameters regarding inbound traffic within a specified time range. For more information, see :ref:`Table 1 <cfw_01_0230__table12362103114169>`. Click a record to view the traffic details.
- **Visualizations**: Top 5 items ranked by certain parameters regarding inbound traffic within a specified time range. For more information, see :ref:`Table 1 <cfw_01_0230__table12362103114169>`. You can click a data record to view the traffic details. A maximum of 50 data records can be viewed.
.. _cfw_01_0230__table12362103114169:

2
umn/source/traffic_analysis/viewing_inter-vpc_traffic.rst
View File

@ -26,7 +26,7 @@ Procedure
- **Inter-VPC Access**: Request and response traffic between VPCs.
- **Visualizations**: Top 5 items ranked by certain parameters regarding inter-VPC traffic within a specified time range. For more information, see :ref:`Table 1 <cfw_01_0232__table12362103114169>`. Click a record to view the traffic details.
- **Visualizations**: Top 5 items ranked by certain parameters regarding inter-VPC traffic within a specified time range. For more information, see :ref:`Table 1 <cfw_01_0232__table12362103114169>`. You can click a data record to view the traffic details. A maximum of 50 data records can be viewed.
.. _cfw_01_0232__table12362103114169:

2
umn/source/traffic_analysis/viewing_outbound_traffic.rst
View File

@ -25,7 +25,7 @@ Procedure
- **Outbound Traffic**: Outbound request and response traffic.
- **Visualizations**: Top 5 items ranked by certain parameters regarding outbound traffic within a specified time range. For more information, see :ref:`Table 1 <cfw_01_0231__table12362103114169>`. Click a record to view the traffic details.
- **Visualizations**: Top 5 items ranked by certain parameters regarding outbound traffic within a specified time range. For more information, see :ref:`Table 1 <cfw_01_0231__table12362103114169>`. You can click a data record to view the traffic details. A maximum of 50 data records can be viewed.
.. _cfw_01_0231__table12362103114169: