Virtual Firewall Video

Virtual Firewall (VFW) meets Network ACL function requirements by providing IaaS-layer basic security access control capabilities for HUAWEI CLOUD Stack. VFW provides multi-layer and flexible network ACL functions based on VM ports and subnets.

Easy to Use

The configuration is the same as the traditional firewall. Users' cloud service habits can be inherited.

Flexible Configuration

You can configure firewalls based on subnets and ports and can also configure the blacklist, whitelist, and quintuple filtering.

High Performance

Firewalls are deployed in distributed mode. Each compute node only needs to manage its own VMs and network traffic. There is no performance bottleneck.

High Integration

VFW uses native and FWaaS v2 community standard APIs, providing better interconnection with third-party vendors.

Application Scenarios

  • Intra-VPC ACL Control

  • Inter-VPC ACL Control

Intra-VPC ACL Control

Intra-VPC ACL Control

Packets can be filtered by protocol number, source/destination port number, or source/destination IP address. Inbound and outbound traffic between subnets can be controlled by a VPC.

Advantages

  • Complete Quintuple Filtering

    Packets can be filtered by protocol number, source/destination port number, or source/destination IP address.

  • Policy Status

    VFW supports packet policy recording and automatic reverse setting.

Related Services

VPC

ECS

Inter-VPC ACL Control

Inter-VPC ACL Control

Packets can be filtered by protocol number, source/destination port number, or source/destination IP address. Inbound and outbound traffic between subnets can be controlled by a VPC.

Advantages

  • Policy Sharing

    An ACL policy can be referenced by multiple VPCs, enhancing usability.

  • VPC-specific Firewall

    This feature simplifies the configuration process in scenarios with multiple interconnected projects.

Related Services

VPC

ECS

Functions

Flexible Configuration

The configuration is the same as that of the traditional firewall. Traditional hardware firewall services of enterprises can be seamlessly migrated.

  • Complete quintuple filtering: Packets can be filtered by protocol number, source/destination port number, or source/destination IP address.

  • Policy status: Packet policy recording and automatic reverse setting are both supported.

  • VPC-specific firewall: This feature simplifies the configuration process in scenarios with multiple interconnected projects.

  • Policy sharing: An ACL policy can be referenced by multiple VPCs, enhancing usability.

Standardized APIs

VFW uses native and FWaaS v2 community standard APIs.

Distributed Deployment

Distributed deployment is supported, eliminating performance bottlenecks.

Getting Started

  • Apply for VFW

  • Associate Subnet

  • Add Firewall Rule

Apply for VFW

Steps

1. Log in to the ManageOne operation plane, and go to the VFW console.

2. In the upper right corner of the page, click Apply for Firewall.

3. Apply for a firewall.

Associate Subnet

Steps

1. Log in to the ManageOne operation plane, and go to the VFW console.

2. Select a firewall, and click Associate Subnet or Associate VPC.

3. Associate the subnet or VPC with the firewall.

Note

The associations with subnets take effect in Region Type I scenario. The associations with VPCs take effect in Region Type II scenario.

Add Firewall Rule

Steps

1. Log in to the ManageOne operation plane, and go to the VFW console.

2. Select a firewall.

3. Add rules on the Inbound and Outbound tab pages.

Video Tutorials

How Do I Create a Virtual Firewall?

more>