tencent cloud

Tencent Cloud Firewall

Release Notes and Announcements
Release Notes
Engine Release Notes
Product Announcement
Getting Started
Product Introduction
Overview
Advantages
Scenarios
Key Concepts
Supported Region
CFW High Availability Specification
Purchase Guide
Billing Overview
Purchase Instructions
Billing Modes
Renewal Instructions
Resource deletion upon expiration
Refund Instructions
Operation Guide
Firewall Toggle
Asset Center
Alert Management
Traffic Monitoring
Access Control
Intrusion Defense
Network Detection and Response
Honeypot
Log Audit
Log Analysis
Log Shipping
Log Fields
Notifications and Settings
Common Tools
Practical Tutorial
Use Cloud Firewall with Other Products
DNS Firewall Practical Tutorial
Practical Tutorial for Protecting Against Mining Attacks
Inter-VPC Firewall Practice Tutorial
Troubleshooting
Solution for False Alarms and False Positives
API Documentation
History
Introduction
API Category
Making API Requests
Intrusion Defense APIs
Access Control APIs
Other APIs
Enterprise Security Group APIs
Firewall Status APIs
Data Types
Error Codes
FAQs
Basic Introduction
Bandwidth
Firewall
Feature
Log
Account
Billing
Others
Service Level Agreement
CFW Policy
Privacy Policy
Data Processing And Security Agreement
DocumentationTencent Cloud FirewallPractical TutorialUse Cloud Firewall with Other Products

Use Cloud Firewall with Other Products

PDF
Focus Mode
Font Size
Last updated: 2025-10-24 15:14:43
Cloud Firewall can be used with Anti-DDoS Advanced, Web Application Firewall (WAF), and Security Group for protection:

For inbound traffic
Cloud Firewall and WAF work together as the overall perimeter protection layer for cloud security. WAF offers protection for encrypted HTTPS traffic, while Cloud Firewall integrates threat intelligence, intrusion prevention system (IPS), and virtual patching to protect unencrypted traffic.
SaaS WAF and the edge firewall work in parallel. After the traffic passes through the SaaS WAF, it does not goes through the edge firewall. However, the traffic can go back to the source DNAT IP of the NAT firewall.
CLB WAF is deployed after Cloud Firewall. Traffic goes through the edge firewall before CLB WAF.
If Tencent Cloud CDN is used, traffic that goes back to CLB or CVM still passes through the edge firewall.
For outbound traffic
The NAT firewall can help control outgoing requests based on CVM and control access based on domain name. With Tencent Threat Intelligence, it can automatically block any malicious IP addresses or domain names for outgoing requests.
If the NAT firewall is not enabled, access control for outbound traffic is only available with the edge firewall after the traffic goes through the NAT gateway. From the perspective of Cloud Firewall, the traffic comes from a public IP address.
Since Cloud Firewall and Security Group are standalone systems, traffic is allowed only when it is allowed by the policies of both systems.
Cloud Firewall Enterprise offers enterprise-grade security group features, which allow flexible access control and blocked request logging between VPCs, subnets in a VPC, and IDC direct connections.
Note
Cloud Firewall offers protection based on public IP addresses, so you can enable it according to your demands:
Only enable protection for certain assets to save costs. We recommend that you enable protection for all your cloud assets to prevent intrusion from non-essential assets if your budget permits.
If only the web services of your cloud assets are exposed and they are protected by WAF, you can just enable outgoing request protection. This way, Cloud Firewall is used with WAF for overall network protection to secure both inbound and outbound connections at a lower cost.
Cloud Firewall has been used in gaming, e-commerce, and many other large-scale scenarios that require a bandwidth of dozens of Gbps. If your business traffic demands exceed 1 Gbps, contact our business manager for a custom business solution.
Previous Topic: Rule BackupNext Topic: DNS Firewall Practical Tutorial

Help and Support

Was this page helpful?

Help us improve! Rate your documentation experience in 5 mins.

Feedback