- Release Notes and Announcements
- Getting Started
- Product Introduction
- Purchase Guide
- Operation Guide
- Practical Tutorial
- Troubleshooting
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Access Control APIs
- AddNatAcRule
- DescribeNatAcRule
- ModifyNatAcRule
- ModifyEnterpriseSecurityDispatchStatus
- ModifyTableStatus
- ModifySequenceRules
- ModifyAllRuleStatus
- ModifyAcRule
- DescribeTableStatus
- DescribeRuleOverview
- DescribeAcLists
- CreateAcRules
- SetNatFwDnatRule
- ExpandCfwVertical
- DescribeNatFwVpcDnsLst
- DescribeNatFwInstancesInfo
- DescribeNatFwInstance
- DescribeNatFwInfoCount
- AddAcRule
- Enterprise Security Group APIs
- Firewall Status APIs
- Intrusion Defense APIs
- Other APIs
- DescribeBlockIgnoreList
- ModifyStorageSetting
- ModifyNatSequenceRules
- DescribeGuideScanInfo
- ModifyBlockTop
- DescribeUnHandleEventTabList
- DescribeTLogIpList
- DescribeTLogInfo
- DescribeBlockStaticList
- DescribeBlockByIpTimesList
- SetNatFwEip
- ModifyResourceGroup
- ModifyNatFwSwitch
- ModifyNatFwReSelect
- ModifyAssetScan
- DescribeSourceAsset
- DescribeNatFwInstanceWithRegion
- DeleteResourceGroup
- CreateNatFwInstance
- DescribeResourceGroupNew
- CreateNatFwInstanceWithDomain
- DescribeIPStatusList
- Data Types
- Error Codes
- FAQs
- Service Level Agreement
- CFW Policy
- Release Notes and Announcements
- Getting Started
- Product Introduction
- Purchase Guide
- Operation Guide
- Practical Tutorial
- Troubleshooting
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Access Control APIs
- AddNatAcRule
- DescribeNatAcRule
- ModifyNatAcRule
- ModifyEnterpriseSecurityDispatchStatus
- ModifyTableStatus
- ModifySequenceRules
- ModifyAllRuleStatus
- ModifyAcRule
- DescribeTableStatus
- DescribeRuleOverview
- DescribeAcLists
- CreateAcRules
- SetNatFwDnatRule
- ExpandCfwVertical
- DescribeNatFwVpcDnsLst
- DescribeNatFwInstancesInfo
- DescribeNatFwInstance
- DescribeNatFwInfoCount
- AddAcRule
- Enterprise Security Group APIs
- Firewall Status APIs
- Intrusion Defense APIs
- Other APIs
- DescribeBlockIgnoreList
- ModifyStorageSetting
- ModifyNatSequenceRules
- DescribeGuideScanInfo
- ModifyBlockTop
- DescribeUnHandleEventTabList
- DescribeTLogIpList
- DescribeTLogInfo
- DescribeBlockStaticList
- DescribeBlockByIpTimesList
- SetNatFwEip
- ModifyResourceGroup
- ModifyNatFwSwitch
- ModifyNatFwReSelect
- ModifyAssetScan
- DescribeSourceAsset
- DescribeNatFwInstanceWithRegion
- DeleteResourceGroup
- CreateNatFwInstance
- DescribeResourceGroupNew
- CreateNatFwInstanceWithDomain
- DescribeIPStatusList
- Data Types
- Error Codes
- FAQs
- Service Level Agreement
- CFW Policy
What is the Edge Firewall?
The edge refers to the boundary between the Internet and the Tencent Cloud private network. The edge traffic is the communication traffic between your cloud assets and the Internet, also known as north-south traffic.
The Edge Firewall is a clustered firewall that monitors north-south traffic.
The Edge Firewall is effective between the assets associated with your EIP and the external Internet.
What Types of Public IP Addresses Will Not Appear in the Switch List of the Edge Firewall?
For the current edition, only the BGP IP address type is supported. The IP addresses of China Mobile, China Unicom, and China Telecom are not supported currently. CFW will automatically ignore the IP addresses of China Mobile, China Unicom, and China Telecom during identification of user assets.
What Should I Do if the Public IP Addresses Are Not Enough for Simultaneous Protection?
The IPS Edition does not support elastic scalability. The Advanced Edition, Enterprise Edition, and Ultimate Edition can improve specifications through elastic scaling. Each 1 Mbps bandwidth expansion simultaneously increases the public IP quota by one.
What Are the Assets Labeled as Other?
The Edge Firewall performs asset identification for users' public IP addresses. Public IP addresses that are not bound to any assets will be identified as Other. The rules associated with these IP addresses will take effect normally once the assets are bound.
Why can the IP Address Still Be Accessed even though I Have Enabled the Edge Firewall Switch?
After the Edge Firewall switch for the IP address is enabled, go to Access Control and Edge Rules to check whether the rule policy type for that IP address is set to Block or Observe. Only when the policy is set to Block can the IP address be intercepted. The details of the IP address rule policy types are as follows:
Allow: Allow the traffic that hits the rule and record the hit count and traffic logs, but not access control logs.
Observe: Allow the traffic that hits the rule and record the hit count, access control logs, and traffic logs.
Block: Block the traffic that hits the rule and record the hit count, access control logs, and traffic logs. The traffic logs record the information of a request packet.
Yes
No
Was this page helpful?