Cloud Access Management
- Product Introduction
- Getting Started
- User Guide
- Users
- Sub-Users
- Sub-User Security Credentials
- Collaborators
- Collaborator Security Credentials
- Message Recipients
- User Settings
- User Groups
- Role
- Identity Provider
- User-Based SSO
- Role-Based SSO
- Policies
- Definition
- Authorization Guide
- Syntax Logic
- Element Reference
- CAM-Enabled Role
- Container
- Microservice
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- NoSQL Database
- Database SaaS Tool
- Networking
- CDN and Acceleration
- Network Security
- Data Security
- Application Security
- Domains & Websites
- Big Data
- Middleware
- Interactive Video Services
- Media On-Demand
- Cloud Real-time Rendering
- Game Services
- Cloud Resource Management
- Management and Audit Tools
- Monitor and Operation
- CAM-Enabled API
- Compute
- Edge Computing
- Distributed cloud
- Microservice
- Serverless
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- Database SaaS Tool
- CDN and Acceleration
- Network Security
- Endpoint Security
- Business Security
- Application Security
- Domains & Websites
- Big Data
- Voice Technology
- Image Creation
- AI Platform Service
- Natural Language Processing
- Optical Character Recognition
- Interactive Video Services
- Stream Services
- Media On-Demand
- Media Process Services
- Cloud Real-time Rendering
- Game Services
- Education Sevices
- Cloud Resource Management
- Management and Audit Tools
- Monitor and Operation
- Practical Tutorial
- Supporting Isolated Resource Access for Employees
- Enterprise Multi-Account Permissions Management
- Implementing Attribute-Based Access Control for Employee Resource Permissions Management
- Business Use Cases
- TencentDB for MySQL
- CLB
- CMQ
- COS
- CVM
- VPC
- API Documentation
- User APIs
- Role APIs
- Making API Requests
- Identity Provider APIs
- Policy APIs
Tencent Cloud Firewall
Last updated: 2025-03-26 09:56:40
Fundamental information
| Product | Abbreviation in CAM | Console | Authorization by Tag | Authorization Granularity | IP Restriction |
|---|---|---|---|---|---|
| Cloud Firewall | cfw | Supported | not supported | Operation level | Partially supported |
Note:
The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.
- Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
- Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
- Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.
API authorization granularity
Two authorization granularity levels of API are supported: resource level, and operation level.
- Resource level: It supports the authorization of a specific resource.
- Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.
Write operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| AddAclRule | Add Internet Access Control Rules | Operation level | * | Supported |
| AddDnsAclRule | Add Dns access control rules | Operation level | * | Supported |
| AddEnterpriseSecurityGroupRules | Create New Enterprise Security Group Rules | Operation level | * | Supported |
| AddNatAcRule | Operation level | * | Supported | |
| AddNatFwTcRule | AddNatFwTcRule | Operation level | * | Supported |
| AddVpcAcRule | Operation level | * | Supported | |
| AddVpcFwTcRule | Add inter-VPC firewall traffic control policy | Operation level | * | Supported |
| AddZeroTrustWebService | Add zero trust web service | Operation level | * | Supported |
| CancelUpdateEngineReserveTask | CancelUpdateEngineReserveTask | Operation level | * | Supported |
| CreateAcRules | Create ACL Rules | Operation level | * | Supported |
| CreateAddressTemplate | Create address template | Operation level | * | Supported |
| CreateAlertCenterRule | Alarm Center-Block, Release and Disposal Interface | Operation level | * | Supported |
| CreateAsyncTask | CreateAsyncTask | Operation level | * | Supported |
| CreateBakRuleList | Operation level | * | Supported | |
| CreateBetaTask | Establishing Beta Automation Tasks | Operation level | * | Supported |
| CreateBlockIgnoreRuleList | Add block list and ignore list rules in batches | Operation level | * | Supported |
| CreateBlockIgnoreRuleNew | Add intrusion prevention block list and allow list rules in batches (new) | Operation level | * | Supported |
| CreateClsDeliverTask | CreateClsDeliverTask | Operation level | * | Supported |
| CreateDatabaseWhiteListRules | CreateDatabaseWhiteListRules | Operation level | * | Supported |
| CreateIOAAccessGroup | Override Edit IOA User Group Access | Operation level | * | Supported |
| CreateIdsWhiteRule | Create an intrusion prevention rule whitelist interface | Operation level | * | Supported |
| CreateNatFwInstance | Create a NAT firewall instance (Region parameter is required). | Operation level | * | Supported |
| CreateNatFwInstanceWithDomain | Create NAT firewall instance and connect a domain name (The Region parameter is required) | Operation level | * | Supported |
| CreatePcapTask | Create a packet capture task | Operation level | * | Supported |
| CreateProbeTask | create probe task | Operation level | * | Supported |
| CreateRemoteMtInstance | Create a zero-trust remote operation and maintenance instance | Operation level | * | Supported |
| CreateResourceGroup | CreateResourceGroup | Operation level | * | Supported |
| CreateSecurityGroupRules | Operation level | * | Supported | |
| CreateVpcFwGroup | Create an Inter-VPC Firewall (Firewall Group) | Operation level | * | Supported |
| CreateVpcFwInstance | Create an inter-VPC firewall instance | Operation level | * | Supported |
| CreateZeroTrustAclMulti | Adding Zero Trust Remote Operation and Maintenance Rules in Batch - Identity Perspective | Operation level | * | Supported |
| CreateZeroTrustCommandRule | Add zero trust remote operation and maintenance command control rules in batches | Operation level | * | Supported |
| CreateZeroTrustDomain | CreateZeroTrustDomain | Operation level | * | Supported |
| CreateZeroTrustTrial | Apply for Zero Trust Remote Operation and Maintenance Trial | Operation level | * | Supported |
| DeleteAcRule | Delete ACL Rule | Operation level | * | Supported |
| DeleteAddressTemplate | Delete address template rules | Operation level | * | Supported |
| DeleteAllAccessControlRule | DeleteAllAccessControlRule | Operation level | * | Supported |
| DeleteBlockIgnoreRuleAll | Delete all black and white lists (support filtering) | Operation level | * | Supported |
| DeleteBlockIgnoreRuleList | Delete intrusion prevention ban list and allow list rules in batches | Operation level | * | Supported |
| DeleteBlockIgnoreRuleNew | Deleting Intrusion Prevention Block List and Allow List Rules in Batch (New) | Operation level | * | Supported |
| DeleteClsDeliverTask | DeleteClsDeliverTask | Operation level | * | Supported |
| DeleteIOAAccessGroup | Delete iOA user group access | Operation level | * | Supported |
| DeleteIdsWhiteRule | Deleting the intrusion prevention rule whitelist interface | Operation level | * | Supported |
| DeleteNatFwInstance | Delete Nat Firewall Instance | Operation level | * | Supported |
| DeletePcapTask | DeletePcapTask | Operation level | * | Supported |
| DeleteRemoteAccessDomain | DeleteRemoteAccessDomain | Operation level | * | Supported |
| DeleteRemoteMtInstance | Delete a zero-trust remote operation and maintenance instance | Operation level | * | Supported |
| DeleteResourceGroup | delete cfw resource group | Operation level | * | Supported |
| DeleteSecurityGroupAllRule | Delete all security group rules | Operation level | * | Supported |
| DeleteSecurityGroupRule | Operation level | * | Supported | |
| DeleteVpcFwGroup | DeleteVpcFwGroup | Operation level | * | Supported |
| DeleteZeroTrustAuthUserInfoById | Batch deletion of zero trust operation and maintenance users | Operation level | * | Supported |
| DeleteZeroTrustCommandRule | Delete zero trust remote operation and maintenance command control rules | Operation level | * | Supported |
| DeleteZeroTrustDomain | DeleteZeroTrustDomain | Operation level | * | Supported |
| DeleteZeroTrustWebService | delete zero trust web service | Operation level | * | Supported |
| DeleteZeroTrustWebServiceAccess | delete zero trust web service access info | Operation level | * | Supported |
| ExpandCfwVertical | ExpandCfwVertical | Operation level | * | Supported |
| IgnoreZeroTrustError | Ignore Zero Trust Remote Operations error banner | Operation level | * | Supported |
| ImportBlockIgnoreRuleList | Batch import of intrusion prevention ban list and pass list rules | Operation level | * | Supported |
| ImportCFWFile | Import common methods | Operation level | * | Supported |
| ModifyAcRule | Modify ACL Rule | Operation level | * | Supported |
| ModifyAclApiDispatch | ACL write interface request transfer | Operation level | * | Supported |
| ModifyAclRule | Modify Internet Border Access Control Rules | Operation level | * | Supported |
| ModifyActionShowStatus | ModifyActionShowStatus | Operation level | * | Supported |
| ModifyAddressTemplate | Modify address template | Operation level | * | Supported |
| ModifyAllPublicIPSwitchStatus | ModifyAllPublicIPSwitchStatus | Operation level | * | Supported |
| ModifyAllRuleStatus | ModifyAllRuleStatus | Operation level | * | Supported |
| ModifyApiDispatch | ModifyApiDispatch | Operation level | * | Supported |
| ModifyAssetScan | ModifyAssetScan | Operation level | * | Supported |
| ModifyAssetSync | Asset Synchronization | Operation level | * | Supported |
| ModifyBetaTask | ModifyBetaTask | Operation level | * | Supported |
| ModifyBlockIgnoreList | Batch operation interface for ban list and release list | Operation level | * | Supported |
| ModifyBlockIgnoreRule | Edit individual intrusion prevention ban list and allow list rules | Operation level | * | Supported |
| ModifyBlockIgnoreRuleNew | Edit individual intrusion prevention block list and pass list rules (new) | Operation level | * | Supported |
| ModifyBlockTop | ModifyBlockTop | Operation level | * | Supported |
| ModifyChooseResourceGroup | Asset Center-Asset Group-Asset Operation | Operation level | * | Supported |
| ModifyClsDeliverSwitch | ModifyClsDeliverSwitch | Operation level | * | Supported |
| ModifyClsDeliverTask | ModifyClsDeliverTask | Operation level | * | Supported |
| ModifyCommonStatus | Universal asynchronous table modification interface | Operation level | * | Supported |
| ModifyDNSFWSwitchAll | Enable all DNS firewall switches (support filtering) | Operation level | * | Supported |
| ModifyDnsAclRule | Modify DNS access control rules | Operation level | * | Supported |
| ModifyDnsAclRuleSwitch | Enable or disable DNS rule switches in batches | Operation level | * | Supported |
| ModifyDnsAclRuleSwitchAll | Edit all DNS ACL rules (support filtering) | Operation level | * | Supported |
| ModifyDnsResolveIp | Configure Dns to resolve IP | Operation level | * | Supported |
| ModifyEWRuleStatus | Operation level | * | Supported | |
| ModifyEdgeIpSwitch | Change boundary firewall switch (bypass, serial) | Operation level | * | Supported |
| ModifyEdgeIpSwitchAll | Edit serial firewall switches (all on, all off) | Operation level | * | Supported |
| ModifyEdgeIpSwitchWeight | Edit Internet border ip switch weights | Operation level | * | Supported |
| ModifyEdgeName | Modify the name of the VPC firewall edge. | Operation level | * | Supported |
| ModifyEnterpriseSecurityDispatchStatus | Operation level | * | Supported | |
| ModifyEnterpriseSecurityGroupRule | Operation level | * | Supported | |
| ModifyEnterpriseSecurityGroupRuleLst | Operation level | * | Supported | |
| ModifyEnterpriseSecurityGroupSequenceRules | Operation level | * | Supported | |
| ModifyFwAZone | Modify firewall availability zone | Operation level | * | Supported |
| ModifyFwConfig | Edit firewall configuration | Operation level | * | Supported |
| ModifyFwGroupSwitch | Modify firewall (group) switch (supporting single-point mode, multi-point mode, and full interconnection mode) | Operation level | * | Supported |
| ModifyFwGroupSwitchAll | Modify VPC firewall all switches | Operation level | * | Supported |
| ModifyIgnoreAsyncTaskErr | Ignore exception task information | Operation level | * | Supported |
| ModifyIgnoreNdrSwitchErr | ModifyIgnoreNdrSwitchErr | Operation level | * | Supported |
| ModifyItemSwitchStatus | Modify FireWall Switch Status | Operation level | * | Supported |
| ModifyNatAcRule | Operation level | * | Supported | |
| ModifyNatAcRuleSwitchAll | Modify all NAT rule switches (support filtering) | Operation level | * | Supported |
| ModifyNatAclRuleSwitch | Enable or disable NAT rule switch | Operation level | * | Supported |
| ModifyNatFwConfig | Set up NAT firewall configuration | Operation level | * | Supported |
| ModifyNatFwReSelect | Reselect VPC or NAT for the NAT firewall instance. | Operation level | * | Supported |
| ModifyNatFwSwitch | Modify NAT firewall switch | Operation level | * | Supported |
| ModifyNatFwSwitchAll | Modify all switches of NAT firewall (support filtering) | Operation level | * | Supported |
| ModifyNatFwTcRule | Edit traffic control policy | Operation level | * | Supported |
| ModifyNatFwVpcDnsSwitch | NAT Firewall VPC DNS Switch Toggle | Operation level | * | Supported |
| ModifyNatInstance | ModifyNatInstance | Operation level | * | Supported |
| ModifyNatSequenceRules | Operation level | * | Supported | |
| ModifyNdrConfig | ModifyNdrConfig | Operation level | * | Supported |
| ModifyNdrSwitch | Enable/Disable Traffic Analysis Switch | Operation level | * | Supported |
| ModifyNdrSwitchAll | Enable all traffic analysis APIs (API filtering supported) | Operation level | * | Supported |
| ModifyNdrSwitchWeight | Edit traffic analysis switch weight | Operation level | * | Supported |
| ModifyNetflowRuleStatus | Operation level | * | Supported | |
| ModifyNetflowRuleStatusAll | Modify all internet boundary access control lists (support conditional filtering) | Operation level | * | Supported |
| ModifyNoticeCommonNew | General settings status modification (new) | Operation level | * | Supported |
| ModifyProbeTask | modify probe task | Operation level | * | Supported |
| ModifyRemoteMtInstance | Edit a zero-trust remote operation and maintenance instance | Operation level | * | Supported |
| ModifyResourceGroup | ModifyResourceGroup | Operation level | * | Supported |
| ModifyResourceGroupOrder | Asset Center Asset Group Movement | Operation level | * | Supported |
| ModifyRouteBackup | Modify backup route | Operation level | * | Supported |
| ModifySecurityGroupItemRuleStatus | Enable and disable individual enterprise security group rules | Operation level | * | Supported |
| ModifySecurityGroupRule | Operation level | * | Supported | |
| ModifySecurityGroupRuleAll | Edit all enterprise security group rules (support filtering) | Operation level | * | Supported |
| ModifySecurityGroupSequenceRules | Operation level | * | Supported | |
| ModifySecurityGroupTableStatus | Modify Security Group List Status | Operation level | * | Supported |
| ModifySequenceAclRules | Internet Rules Quick Sort | Operation level | * | Supported |
| ModifySequenceRules | modify rule sequence | Operation level | * | Supported |
| ModifySerialRegion | Edit Serial Firewall Regional Bandwidth Allocation | Operation level | * | Supported |
| ModifyStorageLogTypeSetting | Modify the tenant log storage type configuration | Operation level | * | Supported |
| ModifyStorageSetting | Log storage settings | Operation level | * | Supported |
| ModifyStrictModeConfig | Modify strict mode configuration | Operation level | * | Supported |
| ModifySwitchStatus | ModifySwitchStatus | Operation level | * | Supported |
| ModifyTableStatus | ModifyTableStatus | Operation level | * | Supported |
| ModifyTreatInfoStatus | Enable or disable threat intelligence | Operation level | * | Supported |
| ModifyVpcAcRule | Operation level | * | Supported | |
| ModifyVpcAcRuleAll | Edit all internal network access control lists (support filtering) | Operation level | * | Supported |
| ModifyVpcAcRuleSwitch | Operation level | * | Supported | |
| ModifyVpcCfwWidth | Vertical expansion of firewall between vpc | Operation level | * | Supported |
| ModifyVpcFwConfig | Set up inter-VPC firewall configuration | Operation level | * | Supported |
| ModifyVpcFwGroup | Edit the inter-VPC firewall (firewall group) | Operation level | * | Supported |
| ModifyVpcFwReSelect | Reselect VPC for inter-VPC firewall | Operation level | * | Supported |
| ModifyVpcFwSequenceRules | Operation level | * | Supported | |
| ModifyVpcFwSwitch | Modify the firewall switch between VPCs | Operation level | * | Supported |
| ModifyVpcFwTcRule | Editing a VPC Traffic Control Policy | Operation level | * | Supported |
| ModifyZeroTrustAssetAcl | Edit Zero Trust Remote Operation and Maintenance Asset Permission Details | Operation level | * | Supported |
| ModifyZeroTrustAuthUserInfoById | Mass Modification of Zero Trust Operational Users | Operation level | * | Supported |
| ModifyZeroTrustBlockStatus | Zero Trust Unauthorized Block Button | Operation level | * | Supported |
| ModifyZeroTrustCommandRule | Modify zero trust remote operation and maintenance command control rules | Operation level | * | Supported |
| ModifyZeroTrustCommandRuleSwitch | Batch modification of zero trust remote operation and maintenance command control rule switches | Operation level | * | Supported |
| ModifyZeroTrustCommandRuleSwitchAll | Modify all zero trust remote operation and maintenance command control rules (supports filtering) | Operation level | * | Supported |
| ModifyZeroTrustDomain | ModifyZeroTrustDomain | Operation level | * | Supported |
| ModifyZeroTrustEip | Edit Zero Trust Regional Public IP | Operation level | * | Supported |
| ModifyZeroTrustInstancePort | Edit Zero Trust Remote Operation and Maintenance Server Instance Port | Operation level | * | Supported |
| ModifyZeroTrustRegionSwitch | Modify Zero Trust Operation and Maintenance Region Switch | Operation level | * | Supported |
| ModifyZeroTrustRule | ModifyZeroTrustRule | Operation level | * | Supported |
| ModifyZeroTrustRuleSwitch | Modify IOA permission rule switches in batches | Operation level | * | Supported |
| ModifyZeroTrustRuleSwitchAll | Modify all zero-trust permission rules (support filtering) | Operation level | * | Supported |
| ModifyZeroTrustUserAcl | Edit Zero Trust Remote Operation and Maintenance User Permissions Details | Operation level | * | Supported |
| ModifyZeroTrustVpcSwitch | Modify Zero Trust VPC Switch | Operation level | * | Supported |
| ModifyZeroTrustVpcSwitchAll | Batch Modify Zero Trust VPC Switches | Operation level | * | Supported |
| ModifyZeroTrustWebService | modify zero web service base info | Operation level | * | Supported |
| ProbeQuickly | probe quickly | Operation level | * | Supported |
| RemoveAcRule | RemoveAcRule | Operation level | * | Supported |
| RemoveAclRule | Delete Internet Access Control Rules | Operation level | * | Supported |
| RemoveDnsAclRule | Delete Dns Access Control Rules | Operation level | * | Supported |
| RemoveEnterpriseSecurityGroupRule | Operation level | * | Supported | |
| RemoveEnterpriseSecurityGroupRuleLst | Operation level | * | Supported | |
| RemoveNatAcRule | Operation level | * | Supported | |
| RemoveOfflineExportTask | Delete offline log export tasks | Operation level | * | Supported |
| RemoveVpcAcRule | Operation level | * | Supported | |
| RemoveVpcFwTcRule | Deleting a VPC Traffic Control Policy | Operation level | * | Supported |
| ResetDnsRuleHitTimes | Reset hit count for DNS firewall rules | Operation level | * | Supported |
| ResetNatRuleHitTimes | Operation level | * | Supported | |
| ResetVpcRuleHitTimes | Operation level | * | Supported | |
| RestartFwIns | Restart the firewall instance | Operation level | * | Supported |
| RunSyncAsset | Synchronize assets - Internet & VPC | Operation level | * | Supported |
| SaveAutoBackUpSetting | Operation level | * | Supported | |
| SetCfwInsBypass | Set firewall instance bypass | Operation level | * | Supported |
| SetNatFwDnatRule | SetNatFwDnatRule | Operation level | * | Supported |
| SetNatFwEip | Set up an EIP address for the NAT firewall instance | Operation level | * | Supported |
| SetNatProbeEip | SetNatProbeEip | Operation level | * | Supported |
| StopAsyncTask | StopAsyncTask | Operation level | * | Supported |
| StopSecurityGroupRuleDispatch | Operation level | * | Supported | |
| SwitchMaster | Firewall switchover | Operation level | * | Supported |
| SyncIOAUserAccess | Synchronize iOA user access data | Operation level | * | Supported |
| SyncWeChatWorkAccess | Synchronize enterprise WeChat access data | Operation level | * | Supported |
| UnbindEdgeCFW | Unbundling SD-WAN edge and CFW | Operation level | * | Supported |
| UpdateEngine | Upgrading the firewall engine | Operation level | * | Supported |
Read operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| AddZBTiNotice | Important security information notification | Operation level | * | Supported |
| CheckNatFwTcRule | Check flow control rules for conflicts | Operation level | * | Supported |
| CheckVpcFwTcRule | CheckVpcFwTcRule | Operation level | * | Supported |
| CreateChooseVpcs | CreateChooseVpcs | Operation level | * | Supported |
| CreateZeroTrustRule | CreateZeroTrustRule | Operation level | * | Supported |
| DeleteZeroTrustRule | DeleteZeroTrustRule | Operation level | * | Supported |
| DescribeAccessDomainInfoList | Operation level | * | Supported | |
| DescribeAclApiDispatch | Operation level | * | Supported | |
| DescribeAclRuleExportStatus | Query the export status of Acl rules | Operation level | * | Supported |
| DescribeAclTag | Access control tag query | Operation level | * | Supported |
| DescribeAddressTemplateList | Query address template list | Operation level | * | Supported |
| DescribeAlertCenterEventNameSelectList | Dynamically obtain the alarm center security event filter list | Operation level | * | Supported |
| DescribeAlertLogEventNameSelectList | Dynamically obtain the intrusion prevention log security event filter list | Operation level | * | Supported |
| DescribeAllRegionList | Query region configuration information | Operation level | * | Supported |
| DescribeAllZoneList | Availability zone information | Operation level | * | Supported |
| DescribeApiDispatch | DescribeApiDispatch | Operation level | * | Supported |
| DescribeAreaStatus | DescribeAreaStatus | Operation level | * | Supported |
| DescribeAssetEventTree | DescribeAssetEventTree | Operation level | * | Supported |
| DescribeAssetFilterList | DescribeAssetFilterList | Operation level | * | Supported |
| DescribeAssetOverviewNew | DescribeAssetOverviewNew | Operation level | * | Supported |
| DescribeAssetScanList | DescribeAssetScanList | Operation level | * | Supported |
| DescribeAssetScanStatus | DescribeAssetScanStatus | Operation level | * | Supported |
| DescribeAssetSync | Asset synchronization status query | Operation level | * | Supported |
| DescribeAssociatedInstanceList | Operation level | * | Supported | |
| DescribeAsyncTask | Query asynchronous task information | Operation level | * | Supported |
| DescribeAsyncTaskErr | Asynchronous task exception information | Operation level | * | Supported |
| DescribeAutoBackUpSettingList | Operation level | * | Supported | |
| DescribeBandWidthBanner | Bandwidth Exceeded Banner | Operation level | * | Supported |
| DescribeBetaTaskAclRuleList | DescribeBetaTaskAclRuleList | Operation level | * | Supported |
| DescribeBillingInfo | Query billing information | Operation level | * | Supported |
| DescribeBlackWhiteQuota | Operation level | * | Supported | |
| DescribeBlockByIpTimesList | DescribeBlockByIpTimesList | Operation level | * | Supported |
| DescribeBlockIPBySGSwitch | DescribeBlockIPBySGSwitch | Operation level | * | Supported |
| DescribeBlockIgnoreImportCredential | DescribeBlockIgnoreImportCredential | Operation level | * | Supported |
| DescribeBlockIgnoreList | Operation level | * | Supported | |
| DescribeBlockIgnoreRulesImportProgress | DescribeBlockIgnoreRulesImportProgress | Operation level | * | Supported |
| DescribeBlockStaticList | Alarm center column chart | Operation level | * | Supported |
| DescribeBlockTimesList | Alarm Center-Blocking Line Chart | Operation level | * | Supported |
| DescribeBorderACLList | Operation level | * | Supported | |
| DescribeBorderFwRuleHitDetail | Query edge access control rule hit details | Operation level | * | Supported |
| DescribeBorderRuleStatus | Query Internet boundary rule quota and usage situation | Operation level | * | Supported |
| DescribeCdcIds | Operation level | * | Supported | |
| DescribeCfwCidr | DescribeCfwCidr | Operation level | * | Supported |
| DescribeCfwEips | DescribeCfwEips | Operation level | * | Supported |
| DescribeCfwInsStatus | Operation level | * | Supported | |
| DescribeCfwUpdateStatus | Operation level | * | Supported | |
| DescribeCfwUserStatus | Query tenant cloud firewall usage | Operation level | * | Supported |
| DescribeCfwVersion | Query the engine mode and version number of the NAT VPC firewall. | Operation level | * | Supported |
| DescribeChangeGroupRuleNotice | Query whether it is necessary to display the rule changes of the security group | Operation level | * | Supported |
| DescribeChangeGroupRules | Operation level | * | Supported | |
| DescribeChangeSecurityGroupAssociateInstances | Operation level | * | Supported | |
| DescribeChangeSecurityGroupNum | Operation level | * | Supported | |
| DescribeCheckCLSStatus | Check if the current user has subscribed to CLS service | Operation level | * | Supported |
| DescribeChooseAsset | DescribeChooseAsset | Operation level | * | Supported |
| DescribeCidrRelatedInstances | Operation level | * | Supported | |
| DescribeClsDeliverTask | DescribeClsDeliverTask | Operation level | * | Supported |
| DescribeConfig | Operation level | * | Supported | |
| DescribeCosBucketList | DescribeCosBucketList | Operation level | * | Supported |
| DescribeDNSFWStatus | Get DNS Firewall Status Bar | Operation level | * | Supported |
| DescribeDNSFWSwitch | Get DSN firewall switch information | Operation level | * | Supported |
| DescribeDNSProtectList | Get DNS firewall intrusion prevention list | Operation level | * | Supported |
| DescribeDefenseSwitch | Get a list of attack and defense buttons | Operation level | * | Supported |
| DescribeDnsAclRule | Query the DNS access control list | Operation level | * | Supported |
| DescribeDnsFwRuleHitDetail | Query DNS access control rule hit details | Operation level | * | Supported |
| DescribeDnsRuleStatus | Query the quota and usage of DNS rules | Operation level | * | Supported |
| DescribeDomainParseIpLst | Query domain name ip resolution list | Operation level | * | Supported |
| DescribeEdgeFwFlowStat | Border firewall status monitoring TAB page content | Operation level | * | Supported |
| DescribeEdgeIpFlowLists | Query the Internet border IP switch traffic statistics list | Operation level | * | Supported |
| DescribeElasticBandWidth | Tenant elastic bandwidth interval query | Operation level | * | Supported |
| DescribeEngineUpdateDetail | DescribeEngineUpdateDetail | Operation level | * | Supported |
| DescribeEnterpriseSGRuleProgress | Operation level | * | Supported | |
| DescribeEnterpriseSecurityDispatchStatus | Operation level | * | Supported | |
| DescribeEnterpriseSecurityGroupRule | DescribeEnterpriseSecurityGroupRule | Operation level | * | Supported |
| DescribeEnterpriseSecurityGroupRuleList | query enterprise security rule list | Operation level | * | Supported |
| DescribeEnterpriseSecurityNotDispatchCount | Operation level | * | Supported | |
| DescribeEsLog | DescribeEsLog | Operation level | * | Supported |
| DescribeEventNameList | DescribeEventNameList | Operation level | * | Supported |
| DescribeExportFlowLogs | DescribeExportFlowLogs | Operation level | * | Supported |
| DescribeExportLogs | DescribeExportLogs | Operation level | * | Supported |
| DescribeFlowCenterAddressLists | DescribeFlowCenterAddressLists | Operation level | * | Supported |
| DescribeFlowCenterAssetLists | DescribeFlowCenterAssetLists | Operation level | * | Supported |
| DescribeFlowCenterLogsV1 | Internet traffic center list query | Operation level | * | Supported |
| DescribeFlowDistributeList | Internet Traffic Center Traffic Map Query | Operation level | * | Supported |
| DescribeFuncDynamics | Dynamic query of functions | Operation level | * | Supported |
| DescribeFwConfig | Query firewall configuration | Operation level | * | Supported |
| DescribeFwEdgeBar | Internet Boundary Page Overview Data | Operation level | * | Supported |
| DescribeFwEdgeIps | Serial firewall switch list | Operation level | * | Supported |
| DescribeFwFirstConfig | First time entering the firewall page configuration | Operation level | * | Supported |
| DescribeFwGroupIdNames | Operation level | * | Supported | |
| DescribeFwGroupInstanceInfo | Obtain All Tenant VPC Firewalls (Groups) and VPC Firewall Instance Card Information | Operation level | * | Supported |
| DescribeFwSwitchOverview | Query firewall switch summary | Operation level | * | Supported |
| DescribeFwSyncStatus | Get firewall synchronization status | Operation level | * | Supported |
| DescribeGlobalSetting | Operation level | * | Supported | |
| DescribeGroupAddressIpList | Query IP information of asset groups | Operation level | * | Supported |
| DescribeGuideScanInfo | Novice guide to scan interface information | Operation level | * | Supported |
| DescribeHoneyPotAttacker | Query the Aggregator List | Operation level | * | Supported |
| DescribeIOAAccessDirectoryList | Query the IOA access directory list | Operation level | * | Supported |
| DescribeIOAAccountGroups | Query IOA account directory list | Operation level | * | Supported |
| DescribeIOALocalAccounts | Query iOA account list | Operation level | * | Supported |
| DescribeIPStatusList | DescribeIPStatusList | Operation level | * | Supported |
| DescribeIdsWhiteRule | Query intrusion prevention rule whitelist interface | Operation level | * | Supported |
| DescribeImportCredential | Get temporary records of imported file uploads | Operation level | * | Supported |
| DescribeImportWeChatSpec | DescribeImportWeChatSpec | Operation level | * | Supported |
| DescribeInternetOutOverview | Query of Outbound Overview in Traffic Center | Operation level | * | Supported |
| DescribeIpStatLst | Get the peak bandwidth of a single cvm of nat vpc | Operation level | * | Supported |
| DescribeIpTcRule | Query the flow control policy of IP | Operation level | * | Supported |
| DescribeIsolateList | Query Isolation List | Operation level | * | Supported |
| DescribeLogStorageStatistic | Tenant log storage statistics | Operation level | * | Supported |
| DescribeLogs | Operation level | * | Supported | |
| DescribeLogsAsync | Log audit log asynchronous query | Operation level | * | Supported |
| DescribeLogsCountAsync | Obtain the total number of log audit log asynchronous query results | Operation level | * | Supported |
| DescribeLogsResultAsync | Log audit log asynchronous query result list acquisition | Operation level | * | Supported |
| DescribeModifyResourceUser | check modify privilege | Operation level | * | Supported |
| DescribeModuleConfig | Operation level | * | Supported | |
| DescribeNDRAssetList | DescribeNdrAssetList | Operation level | * | Supported |
| DescribeNDRConfig | Get traffic analysis configuration | Operation level | * | Supported |
| DescribeNDRSwitchErr | Describe NDR Switch Error | Operation level | * | Supported |
| DescribeNatAcRule | Operation level | * | Supported | |
| DescribeNatConnectionsTrends | NAT Firewall monitoring panel-connection statistics | Operation level | * | Supported |
| DescribeNatExistRegions | DescribeNatExistRegions | Operation level | * | Supported |
| DescribeNatFwInfoCount | Get the number of all subnets and the number of natfw instances that the current user has access to the nat firewall. | Operation level | * | Supported |
| DescribeNatFwInstance | Operation level | * | Supported | |
| DescribeNatFwInstanceWithRegion | Query Tenant Maintainable NAT Instances | Operation level | * | Supported |
| DescribeNatFwInstancesInfo | Operation level | * | Supported | |
| DescribeNatFwRouteBackupLst | Query the details of the NAT firewall backup route | Operation level | * | Supported |
| DescribeNatFwRuleHitDetail | Query the hit details of NAT access control rules | Operation level | * | Supported |
| DescribeNatFwSwitch | Query NAT firewall switch list response | Operation level | * | Supported |
| DescribeNatFwVpcDnsLst | Display the VPC DNS switch corresponding to the current NATFW instance. | Operation level | * | Supported |
| DescribeNatGwJoinFwStatus | Query whether natgw is connected to the firewall | Operation level | * | Supported |
| DescribeNatIpConnections | NAT firewall monitoring panel-IP perspective connection number statistics | Operation level | * | Supported |
| DescribeNatNewFlowStatsData | NAT Monitoring Panel-Peak Average Bandwidth Statistics | Operation level | * | Supported |
| DescribeNatRuleScopes | Query the list of selectable effective scopes for Nat rules. | Operation level | * | Supported |
| DescribeNatRuleStatus | Query NAT rule quota and usage situation | Operation level | * | Supported |
| DescribeNatSessionConnections | NAT firewall monitoring panel-session perspective connection number statistics | Operation level | * | Supported |
| DescribeNatSubnetStatLst | NAT firewall subnet traffic statistics display | Operation level | * | Supported |
| DescribeNetFlowDomainInfo | Query the active external domain name list | Operation level | * | Supported |
| DescribeNetFlowDomainTop | Obtain the Top 5 active external domain name traffic | Operation level | * | Supported |
| DescribeNetflowBorderUsed | Internet border usage excess alarm | Operation level | * | Supported |
| DescribeNetflowCenterTrends | Traffic center traffic line chart query | Operation level | * | Supported |
| DescribeNewAuthInfo | Operation level | * | Supported | |
| DescribeNewNatCheckInfo | DescribeNewNatCheckInfo | Operation level | * | Supported |
| DescribeNoInsOfSecurityGroup | Operation level | * | Supported | |
| DescribeNodeEdge | Firewall Switch - VPC Boundary Firewall - Virtual Private Cloud VPC Topology Diagram | Operation level | * | Supported |
| DescribeNtaFile | nta file list | Operation level | * | Supported |
| DescribeNtaFileDownUrl | Query NTA file download link | Operation level | * | Supported |
| DescribeOfflineExportTask | DescribeOfflineExportTask | Operation level | * | Supported |
| DescribeOfflineExportTemporaryCredentials | DescribeOfflineExportTemporaryCredentials | Operation level | * | Supported |
| DescribeOperateLogSelect | Obtain operation log filter box data | Operation level | * | Supported |
| DescribeOrderDetailList | Get order details | Operation level | * | Supported |
| DescribeProbeHistory | DescribeProbeHistory | Operation level | * | Supported |
| DescribeProbeTaskDetail | DescribeProbeTaskDetail | Operation level | * | Supported |
| DescribeQueryNotEmptyRuleListInfo | Operation level | * | Supported | |
| DescribeResourceGroup | Asset Center Asset Tree Information Query | Operation level | * | Supported |
| DescribeResourceGroupNew | Operation level | * | Supported | |
| DescribeRuleOverview | describe rule overview | Operation level | * | Supported |
| DescribeSGRuleProgress | Operation level | * | Supported | |
| DescribeSecurityGroupAssociateInstances | Operation level | * | Supported | |
| DescribeSecurityGroupList | Operation level | * | Supported | |
| DescribeSecurityGroupRuleStatus | Query enterprise security group rule quota and usage situation | Operation level | * | Supported |
| DescribeSecurityGroupVersionInfo | Security group rule change version information | Operation level | * | Supported |
| DescribeSelectAssetGroup | Asset information query under asset group | Operation level | * | Supported |
| DescribeSelectedAssetsByUserId | Query the detailed list of allocation permissions | Operation level | * | Supported |
| DescribeSerialRegion | DescribeSerialRegion | Operation level | * | Supported |
| DescribeShowBakRuleList | Operation level | * | Supported | |
| DescribeSourceAsset | Query all asset information of an asset group | Operation level | * | Supported |
| DescribeStrictModeConfig | DescribeStrictModeConfig | Operation level | * | Supported |
| DescribeSwitchError | Error message on the Internet border firewall switch banner | Operation level | * | Supported |
| DescribeSwitchStatus | DescribeSwitchStatus | Operation level | * | Supported |
| DescribeSyncIOAUserAccessStatus | Get synchronization iOA user synchronization status | Operation level | * | Supported |
| DescribeSyncWeChatWorkAccessStatus | Get the synchronization status of enterprise WeChat | Operation level | * | Supported |
| DescribeTLogInfo | Describe TLog Info | Operation level | * | Supported |
| DescribeTLogIpList | Describe TLog IpList | Operation level | * | Supported |
| DescribeTableStatus | DescribeTableStatus | Operation level | * | Supported |
| DescribeTagIpList | Operation level | * | Supported | |
| DescribeTiCenterList | DescribeTiCenterList | Operation level | * | Supported |
| DescribeTiContent | DescribeTiContent | Operation level | * | Supported |
| DescribeTrialModuleConfig | Query resource configuration module | Operation level | * | Supported |
| DescribeUnHandleEventTabList | DescribeUnHandleEventTabList | Operation level | * | Supported |
| DescribeUserListByAssetId | Query asset permission overview | Operation level | * | Supported |
| DescribeUserStatus | Operation level | * | not supported | |
| DescribeVisitTimesAndFlowAssetMaxTop | DescribeVisitTimesAndFlowAssetMaxTop | Operation level | * | Supported |
| DescribeVpcAcRule | Operation level | * | Supported | |
| DescribeVpcAclEdgeRange | Operation level | * | Supported | |
| DescribeVpcConnectionsTrends | Inter-VPC firewall monitoring panel-connection statistics | Operation level | * | Supported |
| DescribeVpcDetail | Operation level | * | Supported | |
| DescribeVpcEdgeList | Operation level | * | Supported | |
| DescribeVpcEdgeStatus | DescribeVpcEdgeStatus | Operation level | * | Supported |
| DescribeVpcFlowCenterLogsV1 | Vpc traffic center list query | Operation level | * | Supported |
| DescribeVpcFwCrossStatus | Get the status of VPC firewall across tenant edge or vpc | Operation level | * | Supported |
| DescribeVpcFwGroupFlowStat | VPC firewall status monitoring TAB page content | Operation level | * | Supported |
| DescribeVpcFwGroupIns | Query the firewall (group) ID name and the corresponding relationship under the instance. | Operation level | * | Supported |
| DescribeVpcFwGroupSwitch | VPC Firewall (Group) Switch List | Operation level | * | Supported |
| DescribeVpcFwIpStat | Query traffic statistics at a single IP granularity under the VPC firewall | Operation level | * | Supported |
| DescribeVpcFwJoinInstances | DescribeVpcFwJoinInstances | Operation level | * | Supported |
| DescribeVpcFwRuleHitDetail | Query the hit details of access control rules between intranets | Operation level | * | Supported |
| DescribeVpcFwViewStat | DescribeVpcFwViewStat | Operation level | * | Supported |
| DescribeVpcFwVpcStat | Query traffic statistics at vpc granularity under the VPC firewall | Operation level | * | Supported |
| DescribeVpcInstance | Obtain the list of all VPC firewall instances of the tenant. | Operation level | * | Supported |
| DescribeVpcIpConnections | Inter-VPC firewall monitoring panel-IP perspective connection number statistics | Operation level | * | Supported |
| DescribeVpcLogEdge | Operation level | * | Supported | |
| DescribeVpcLogStatus | Operation level | * | Supported | |
| DescribeVpcRuleStatus | Operation level | * | Supported | |
| DescribeVpcSessionConnections | Inter-VPC firewall monitoring panel - connection statistics from session perspective | Operation level | * | Supported |
| DescribeWeChatWorkUserList | Query the list of enterprise WeChat access personnel | Operation level | * | Supported |
| DescribeWeComStatus | Operation level | * | Supported | |
| DescribeWebAssetFilterList | DescribeWebAssetFilterList | Operation level | * | Supported |
| DescribeWebCosUrl | Operation level | * | Supported | |
| DescribeWebServiceStat | DescribeWebServiceStat | Operation level | * | Supported |
| DescribeWebServices | Asset Center web service query list | Operation level | * | Supported |
| DescribeYwUserList | Operation and maintenance user list | Operation level | * | Supported |
| DescribeZeroTrustAccessList | Query the list of zero trust remote operation and maintenance identity access cards | Operation level | * | Supported |
| DescribeZeroTrustAccessOverview | DescribeZeroTrustAccessOverview | Operation level | * | Supported |
| DescribeZeroTrustAccessSpecifications | DescribeZeroTrustAccessSpecifications | Operation level | * | Supported |
| DescribeZeroTrustAllAccessLog | zero trust asset access log | Operation level | * | Supported |
| DescribeZeroTrustAssetOverView | Zero Trust Assets Overview | Operation level | * | Supported |
| DescribeZeroTrustAuthorityOverview | Query Zero Trust Permissions Overview | Operation level | * | Supported |
| DescribeZeroTrustBlockPreview | Query Zero Trust Ban Preview | Operation level | * | Supported |
| DescribeZeroTrustBlockStatus | Query zero trust unauthorized access ban status | Operation level | * | Supported |
| DescribeZeroTrustCommandRule | Query the list of zero trust remote operation and maintenance command control rules | Operation level | * | Supported |
| DescribeZeroTrustCommandRuleHitDetail | Query zero trust remote operation and maintenance command control rule hit details | Operation level | * | Supported |
| DescribeZeroTrustConfig | Query zero trust remote operation and maintenance configuration | Operation level | * | Supported |
| DescribeZeroTrustDb | zero trust database asset list | Operation level | * | Supported |
| DescribeZeroTrustDomainInfo | DescribeZeroTrustDomainInfo | Operation level | * | Supported |
| DescribeZeroTrustDomainList | DescribeZeroTrustDomainList | Operation level | * | Supported |
| DescribeZeroTrustError | Query Zero Trust Remote Operation and Maintenance Error Banner | Operation level | * | Supported |
| DescribeZeroTrustRegionItem | DescribeZeroTrustRegionItem | Operation level | * | Supported |
| DescribeZeroTrustVpcList | Zero trust asset access VPC list | Operation level | * | Supported |
| ExportAclRules | Export ACL rule file | Operation level | * | Supported |
| ExportLogsOffline | Log audit log offline export | Operation level | * | Supported |
| ExportZeroTrustDb | export zero trust databases asset | Operation level | * | Supported |
| GetResourceGroupChangeImpact | GetResourceGroupChangeImpact | Operation level | * | not supported |
| ModifyZeroTrustWebServiceAccess | modify zero trust web service access | Operation level | * | Supported |
| OpenZeroTrustWebServiceAccess | open zero trust web service access | Operation level | * | Supported |
| QueryVpcFwSupportSwitchMode | Query the switch modes supported by the firewall between VPCs | Operation level | * | Supported |
| RemoveNatFwTcRule | Deleting a traffic control policy | Operation level | * | Supported |
| ResetAclRuleHitTimes | Reset hit count for internet rules | Operation level | * | Supported |
Other Operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| DeleteBillingResource | Billing active destruction | Operation level | * | Supported |
| ModifyLoginTime | Update login time | Operation level | * | Supported |
| ModifyPolicyAuthority | Report Policy Permissions | Operation level | * | Supported |
| ModifyUserAuthCheckStatus | Asset Sync Authorization Status Change | Operation level | * | Supported |
| SyncFwOperate | Synchronize firewall operations | Operation level | * | Supported |
List Operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| DescribeAcLists | Query Access Control List | Operation level | * | Supported |
| DescribeAclRule | Query the Internet Access Control List | Operation level | * | Supported |
| DescribeAddrTmplSelectList | rule select address Template liet | Operation level | * | Supported |
| DescribeBaradStatus | DescribeBaradStatus | Operation level | * | Supported |
| DescribeDefenseError | DescribeDefenseError | Operation level | * | Supported |
| DescribeDnsResolveIp | DescribeDnsResolveIp | Operation level | * | Supported |
| DescribeFwEngineZoneList | DescribeFwEngineZoneList | Operation level | * | Supported |
| DescribeNatFwDnatRule | DescribeNatFwDnatRule | Operation level | * | Supported |
| DescribePresetAddrTmplList | query preset address template list | Operation level | * | Supported |
| DescribeRemoteInstances | Query the list of zero-trust remote operation and maintenance instances | Operation level | * | Supported |
| DescribeSetNatProbeEipTaskStatus | DescribeSetNatProbeEipTaskStatus | Operation level | * | Supported |
| DescribeSwitchLists | Query FireWall Switch list | Operation level | * | Supported |
| DescribeUserBandwidthUsage | DescribeUserBandwidthUsage | Operation level | * | Supported |
| DescribeZeroTrustRule | DescribeZeroTrustRule | Operation level | * | Supported |
| DescribeZeroTrustRuleHitDetail | DescribeZeroTrustRuleHitDetail | Operation level | * | Supported |
| ExportNatFwDnatRule | ExportNatFwDnatRule | Operation level | * | Supported |
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No