How to monitor Cloud Firewall in Huawei Cloud
Site24x7 monitors Huawei Cloud Firewall and provides insights into ACL and IPS activity, traffic protection levels, and bandwidth usage, helping you detect threats early and maintain secure, reliable network operations.
Use cases
Threat detection: Identify attacks early by monitoring deny counts from ACLs and IPSs. This enables quicker investigation and response to unusual spikes in traffic.
Bandwidth control: To avoid traffic drops, keep track of the bandwidth usage of protection systems. This will help scale firewall capacity before reaching its limits.
Policy validation: Ensure the effectiveness of security rules by monitoring hit counts. This approach helps identify misconfigurations before security policies fail unnoticed.
Setup and configuration
Cloud Firewall resources are auto-discovered and monitored during the Huawei Cloud integration. To enable monitoring, follow the steps below:
- Navigate to Cloud > Huawei > Add Huawei Monitor. Learn how to add a Huawei Cloud monitor.
- While adding or editing a Huawei Cloud monitor, select CFW from the Service/Resource Types drop-down and click Save.
- Navigate to Cloud > Huawei, select the created Huawei monitor, and then click Cloud Firewall.
Supported metrics
ACL
| Metric name | Description | Units |
| --- | --- | --- |
| ACL Deny Count | The number of traffic flows denied by ACL rules on the firewall. | Count |
| ACL Hit Count | The number of traffic flows that matched an ACL rule on the firewall. | Count |
IPS
| Metric name | Description | Units |
| --- | --- | --- |
| IPS Deny Count | The number of traffic flows blocked by the IPS on the firewall. | Count |
| IPS Hit Count | The number of traffic flows that triggered an IPS rule on the firewall. | Count |
Internet protection
| Metric name | Description | Units |
| --- | --- | --- |
| Internet Protection Bandwidth Usage | The amount of bandwidth currently consumed by internet-facing traffic under firewall protection. | Bit/second |
| Internet Protection Bandwidth Usage Rate | The percentage of the configured internet protection bandwidth currently in use. | Percentage |
| Internet Protection Packets Per Second | The rate of packets per second currently processed under internet protection on the firewall. | Count |
VPC protection
| Metric name | Description | Units |
| --- | --- | --- |
| VPC Protection Bandwidth Usage | The amount of bandwidth currently consumed by east-west virtual private cloud (VPC) traffic under firewall protection. | Bit/second |
| VPC Protection Bandwidth Usage Rate | The percentage of the configured VPC protection bandwidth currently in use. | Percentage |
| VPC Protection Packets Per Second | The rate of packets per second currently processed under VPC protection on the firewall. | Count |
Bandwidth
| Metric name | Description | Units |
| --- | --- | --- |
| Used Protection Bandwidth | The total protection bandwidth currently consumed across all protected traffic on the firewall. | KB/second |
| Protection Bandwidth Usage | The percentage of the total configured protection bandwidth currently in use on the firewall. | Percentage |
Threshold configuration
You can configure thresholds and alerts for all CFW metrics to proactively detect performance degradation or connection issues.
- Go to Admin > Configuration Profiles > Threshold and Availability.
- Create or edit your Threshold Profile for CFW.
- Assign the profile to the respective monitors to trigger alerts.
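The three use cases listed earlier, expressed as threshold logic over polled metric values. This is an added example, not Site24x7 or Huawei Cloud code; the sample values, dictionary keys, window size and limits are assumptions chosen for illustration.

```python
from statistics import median

# Constructed samples, one per poll. Keys are hypothetical short names for
# ACL Deny Count, ACL Hit Count, IPS Deny Count and Protection Bandwidth Usage (%).
SAMPLES = [
    {"acl_deny": 40,  "acl_hit": 900,  "ips_deny": 2, "bw_rate": 55.0},
    {"acl_deny": 42,  "acl_hit": 910,  "ips_deny": 3, "bw_rate": 57.0},
    {"acl_deny": 38,  "acl_hit": 905,  "ips_deny": 2, "bw_rate": 54.0},
    {"acl_deny": 41,  "acl_hit": 880,  "ips_deny": 2, "bw_rate": 56.0},
    {"acl_deny": 39,  "acl_hit": 895,  "ips_deny": 3, "bw_rate": 58.0},
    {"acl_deny": 40,  "acl_hit": 900,  "ips_deny": 2, "bw_rate": 60.0},
    {"acl_deny": 400, "acl_hit": 1500, "ips_deny": 3, "bw_rate": 82.0},
    {"acl_deny": 43,  "acl_hit": 890,  "ips_deny": 2, "bw_rate": 85.0},
    {"acl_deny": 41,  "acl_hit": 0,    "ips_deny": 2, "bw_rate": 88.0},
]

def spike(history, value, k=6.0, floor=10):
    """True when value exceeds median + k*MAD of history.

    Median/MAD keeps one earlier outlier from inflating the baseline; `floor`
    (assumed) stops tiny counts from alerting on noise.
    """
    med = median(history)
    mad = median(abs(x - med) for x in history) or 1
    return value > max(med + k * mad, floor)

def evaluate(samples, window=5, bw_limit=80.0, sustain=3):
    """Return (poll_index, metric, reason) tuples for the three use cases."""
    alerts = []
    for i in range(window, len(samples)):
        past, cur = samples[i - window:i], samples[i]
        # Threat detection: deny counts far above the recent baseline.
        for key in ("acl_deny", "ips_deny"):
            if spike([s[key] for s in past], cur[key]):
                alerts.append((i, key, "spike"))
        # Bandwidth control: usage rate at or above the limit for `sustain` polls.
        recent = samples[i - sustain + 1:i + 1]
        if all(s["bw_rate"] >= bw_limit for s in recent):
            alerts.append((i, "bw_rate", "sustained"))
        # Policy validation: rules that were matching traffic suddenly match none.
        if cur["acl_hit"] == 0 and all(s["acl_hit"] > 0 for s in past):
            alerts.append((i, "acl_hit", "dropped_to_zero"))
    return alerts

if __name__ == "__main__":
    for alert in evaluate(SAMPLES):
        print(alert)
```

Running the logic over a few days of exported values before entering limits in a Threshold Profile shows how often each condition would have fired.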
IT Automation
Use Site24x7's IT Automation to resolve common issues with CFW performance:
- Go to Admin > IT Automation Templates. Then, click Add Automation Templates.
- Create an automation rule by selecting the automation Type (e.g., Server reboot, clear queue).
- Map the created rules to the CFW monitors for automatic execution during alerts.
Configuration rules
Use Configuration Rules to simplify bulk setup across CFW instances. Automatically assign Threshold Profiles, Notification Profiles, Tags, and Monitor Groups when new monitors are discovered.
