yexinru/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
Files
e0076dd9e4a6630c7550320c6a3c30b50eafac3d
doc-exports/docs/cfw/umn/cfw_01_0202.html
qiaoli 5764cb4624 First version of the CFW UMN 
Reviewed-by: Rogal, Marcel <mrogal@noreply.gitea.eco.tsi-dev.otc-service.com>
Co-authored-by: qiaoli <qiaoli@huawei.com>
Co-committed-by: qiaoli <qiaoli@huawei.com>
2025-01-21 12:54:40 +00:00

3.4 KiB
Raw Blame History

Creating a Firewall (VPC Mode)

A VPC border firewall can collect statistics on the traffic between VPCs, helping you detect abnormal traffic. This section describes how to create a VPC border firewall.

Constraints

Only the professional edition supports VPC border firewalls.

Procedure

  1. Log in to the management console.
  2. In the navigation pane on the left, click and choose Security > Cloud Firewall. The Dashboard page will be displayed.
  3. (Optional) Switch to another firewall instance: Select a firewall from the drop-down list in the upper left corner of the page.
  4. In the navigation pane, choose Assets > Inter-VPC Border Firewalls.
  5. Click Create Firewall.
  6. Configure a CIDR block. An inspection VPC will be automatically created by default.

    Pay attention to the following restrictions during network planning:

    • After a firewall is created, its CIDR block cannot be modified.
    • The CIDR block must meet the following requirements:
      • Only private network address segments (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16) are supported. Otherwise, route conflicts may occur in public network access scenarios, such as SNAT.
      • The CIDR block 10.6.0.0/16-10.7.0.0/16 is reserved for CFW and cannot be used.
      • This CIDR block cannot overlap with the private CIDR block to be protected, or routing conflicts and protection failures may occur.

  7. Click OK.
Parent topic: VPC Mode