doc-exports/docs/cfw/umn/cfw_01_0235.html
qiaoli 5764cb4624 First version of the CFW UMN
Reviewed-by: Rogal, Marcel <mrogal@noreply.gitea.eco.tsi-dev.otc-service.com>
Co-authored-by: qiaoli <qiaoli@huawei.com>
Co-committed-by: qiaoli <qiaoli@huawei.com>
2025-01-21 12:54:40 +00:00

Creating a VPC Border Firewall

A VPC border firewall can collect statistics on communication traffic between VPCs, helping you detect abnormal traffic. This section describes how to create a VPC border firewall.

Prerequisites

  • You have an enterprise router.
  • To create a VPC border firewall, you need to configure an inspection VPC for traffic diversion. The inspection VPC consumes a VPC protection quota. The current account must have a VPC that does not transmit traffic and has no subnets associated, and it must be possible to create at least 2 route tables for the VPCs under the account.

Procedure

  1. Log in to the management console.
  2. In the navigation pane on the left, click and choose Security > Cloud Firewall. The Dashboard page will be displayed.
  3. (Optional) Switch to another firewall instance: Select a firewall from the drop-down list in the upper left corner of the page.
  4. In the navigation pane, choose Assets > Inter-VPC Border Firewalls.
  5. Configure the subnets associated with the enterprise router and the cloud firewall, respectively. Click Create Firewall. Configure the enterprise router and associated subnets.

    Table 1 Parameters for a VPC border firewall

    | Parameter | Description | Example Value |
    |---|---|---|
    | Enterprise Router | Select an enterprise router. | cfw-er |
    | Inspection VPC | Select a VPC. The inspection VPC cannot use the network segments already specified in other VPCs associated with the enterprise router. | vpc-cfw-er |
    | IPv4 Segment | After you select a VPC, the IPv4 address is automatically displayed. | xx.xx.0.0/16 |
    | AZ | Select an AZ. | AZ1 |
    | Subnet (Subnet Associated with Enterprise Router) | Subnet name. | cfw-er-1 |
    | Subnet (Subnet Associated to Cloud Firewall-1) | | cfw-er-2 |
    | Subnet (Subnet Associated to Cloud Firewall-2) | | cfw-er-3 |
    | IPv4 CIDR Block (Subnet Associated with Enterprise Router) | IPv4 CIDR Block. NOTE: Ensure the value does not conflict with existing subnets. Ensure the three subnet segments do not conflict with each other. | xx.xx.1.0/24 |
    | IPv4 CIDR Block (Subnet 1 Associated with a Cloud Firewall-1) | | xx.xx.2.0/24 |
    | IPv4 CIDR Block (Subnet Associated to Cloud Firewall-2) | | xx.xx.3.0/24 |

  6. Click OK. The firewall will be created in 3 to 5 minutes.

    During the creation, you can only check the Dashboard page. The firewall status will change to Upgrading.
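
The address constraints in Table 1 can be checked before the firewall is created. The following is an added example, not part of the original documentation or of any Cloud Firewall tooling; the function name, the VPC name vpc-app and all CIDR values are constructed for illustration.

```python
import ipaddress
from itertools import combinations


def check_inspection_plan(inspection_vpc, new_subnets, attached_vpcs, existing_subnets=()):
    """Return a list of conflict messages; an empty list means the plan is consistent.

    inspection_vpc   -- CIDR shown in the "IPv4 Segment" field
    new_subnets      -- dict of subnet name -> CIDR for the three subnets to create
    attached_vpcs    -- dict of VPC name -> CIDR for VPCs associated with the enterprise router
    existing_subnets -- CIDRs of subnets that already exist
    """
    problems = []
    vpc = ipaddress.ip_network(inspection_vpc)
    subnets = {name: ipaddress.ip_network(cidr) for name, cidr in new_subnets.items()}

    # Table 1: the inspection VPC cannot use segments of other associated VPCs.
    for name, cidr in attached_vpcs.items():
        if vpc.overlaps(ipaddress.ip_network(cidr)):
            problems.append(f"inspection VPC {vpc} overlaps associated VPC {name} ({cidr})")

    for name, net in subnets.items():
        # General VPC rule (assumption, not stated on the page): a subnet lies inside its VPC.
        if not net.subnet_of(vpc):
            problems.append(f"subnet {name} ({net}) is outside inspection VPC {vpc}")
        # Table 1 NOTE: the value must not conflict with existing subnets.
        for cidr in existing_subnets:
            if net.overlaps(ipaddress.ip_network(cidr)):
                problems.append(f"subnet {name} ({net}) conflicts with existing subnet {cidr}")

    # Table 1 NOTE: the three subnet segments must not conflict with each other.
    for (name_a, net_a), (name_b, net_b) in combinations(subnets.items(), 2):
        if net_a.overlaps(net_b):
            problems.append(f"subnets {name_a} ({net_a}) and {name_b} ({net_b}) conflict")
    return problems


# Constructed sample plans; subnet names follow the example values in Table 1.
PLAN_OK = dict(
    inspection_vpc="10.10.0.0/16",
    new_subnets={"cfw-er-1": "10.10.1.0/24", "cfw-er-2": "10.10.2.0/24", "cfw-er-3": "10.10.3.0/24"},
    attached_vpcs={"vpc-app": "192.168.0.0/16"},
)
PLAN_BAD = dict(
    inspection_vpc="10.10.0.0/16",
    new_subnets={"cfw-er-1": "10.10.1.0/24", "cfw-er-2": "10.10.1.128/25", "cfw-er-3": "10.11.3.0/24"},
    attached_vpcs={"vpc-app": "10.10.128.0/17"},
)

if __name__ == "__main__":
    for label, plan in (("PLAN_OK", PLAN_OK), ("PLAN_BAD", PLAN_BAD)):
        print(label, check_inspection_plan(**plan) or "no conflicts")
```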