tencent cloud

Tencent Cloud Firewall

Release Notes and Announcements
Release Notes
Engine Release Notes
Product Announcement
Getting Started
Product Introduction
Overview
Advantages
Scenarios
Key Concepts
Supported Region
CFW High Availability Specification
Purchase Guide
Billing Overview
Purchase Instructions
Billing Modes
Renewal Instructions
Resource deletion upon expiration
Refund Instructions
Operation Guide
Firewall Toggle
Asset Center
Alert Management
Traffic Monitoring
Access Control
Intrusion Defense
Network Detection and Response
Honeypot
Log Audit
Log Analysis
Log Shipping
Log Fields
Notifications and Settings
Common Tools
Practical Tutorial
Use Cloud Firewall with Other Products
DNS Firewall Practical Tutorial
Practical Tutorial for Protecting Against Mining Attacks
Inter-VPC Firewall Practice Tutorial
Troubleshooting
Solution for False Alarms and False Positives
API Documentation
History
Introduction
API Category
Making API Requests
Intrusion Defense APIs
Access Control APIs
Other APIs
Enterprise Security Group APIs
Firewall Status APIs
Data Types
Error Codes
FAQs
Basic Introduction
Bandwidth
Firewall
Feature
Log
Account
Billing
Others
Service Level Agreement
CFW Policy
Privacy Policy
Data Processing And Security Agreement
DocumentationTencent Cloud FirewallFAQsFirewallCloud Firewall

Cloud Firewall

PDF
Focus Mode
Font Size
Last updated: 2025-06-24 16:34:38

What protocols does Cloud Firewall support?

Edge firewall supports TCP, HTTP, and HTTPS currently.
NAT edge firewall supports TCP, UDP, ICMP, HTTP, HTTPS, SMTP, SMTPS, and FTP.
Inter-VPC firewall supports TCP, UDP, and ICMP.

How CFW Protects UDP Protocol?

Internet edge firewall (serial mode) supports UDP protocol protection.
Internet edge firewall (bypass mode) does not support UDP protocol protection.

Redundancy of CFW?

The Internet edge firewall uses a cluster deployment method, while the NAT edge firewall and inter-VPC firewall default to Primary-Backup Deployment.

Does CFW Support Single-Zone High Availability?

There are two cases: the Internet boundary uses physical machine deployment in clusters to implement an active-active mechanism, unaffected by AZs; the NAT edge firewall and VPC boundary firewall use virtualization technology and currently support cross-regional availability zone deployment. During disaster recovery switch, we synchronize session tables to ensure connections are not interrupted. The latency is around 10 seconds, primarily due to the time required for the heartbeat mechanism to detect AZ abnormalities.

Unable to Enter CFW Console after Purchase, Page Continuously Refreshing, How to Resolve?

For first-time operating users, attempt to access the Asset Center Page. At that time, a pop-up prompt box will appear on the webpage, guiding users in completing role authorization. After authorization completion, they can access the Cloud Firewall console normally.

Does CFW Support Tencent Cloud Direct Connect to IDC Computer Room Protection and Deployment in Physical Server Room?

Tencent Cloud Firewall is SaaS-based and does not support deployment in physical server rooms.

How to View the Current Firewall Version Number?

Inter-VPC firewall: You can query it through the API DescribeFwGroupInstanceInfo, use F12 to access the corresponding firewall switch, and view the "EngineVersion": "cfw_v3.7.0.1009" info (located in the second-to-last line of the response).

NAT edge firewall: Query the corresponding NatinsName (NAT instance name) and EngineVersion (engine version) through the API DescribeNatFwInstancesInfo

Previous Topic: BandwidthNext Topic: Edge Firewall

Help and Support

Was this page helpful?

Help us improve! Rate your documentation experience in 5 mins.

Feedback