The Great Firewall of China, Explained for Businesses

The Great Firewall is China’s system of internet border controls: filtering and inspection equipment at the international gateways where Mainland networks connect to the rest of the world. It blocks a long list of foreign platforms (Google, Meta’s apps, YouTube, WhatsApp, most Western news), slows much of what it does not block, and is the reason a China office cannot simply be plugged into your global network like any other site. This guide explains how it works, what it means for business IT in 2026, and the compliant ways around the problem — none of which involve a consumer VPN.

It is the context behind two of our most-read guides: connecting China offices — SD-WAN, MPLS and IPLC compared and VPNs in China.

What the Great Firewall actually is

“Great Firewall” (GFW) is the informal name for the filtering infrastructure operated at Mainland China’s international internet gateways, under the country’s broader internet-governance regime (the same legal framework that includes the Cybersecurity Law, amended with effect from January 2026). All Mainland internet traffic to and from the outside world passes through a small number of licensed gateway operators — and through the controls.

Two consequences follow that most explanations miss:

1. It is a border system, not a domestic one. Traffic between two points inside China doesn’t touch it. Traffic between China and anywhere else — including Hong Kong — does.
2. Blocking is only half the story. The international gateways are also congested and actively managed. Even permitted foreign services often run slowly or erratically from the Mainland — the “performance wall” that frustrates business users far more often than outright blocks.

How it blocks

The GFW layers several techniques:

• DNS interference — lookups for blocked domains return wrong or no answers.
• IP blocking — traffic to known blocked addresses is dropped.
• Deep packet inspection and SNI filtering — connections are inspected in flight and reset when they match blocked services, even over encrypted HTTPS (the server name is visible during the handshake).
• Throttling — bandwidth to specific foreign services or routes is degraded rather than cut.
• Active probing of circumvention tools — endpoints that look like VPN or proxy servers are probed and blocked, which is why consumer VPNs in China live in a permanent cat-and-mouse cycle.

Enforcement intensity moves with the political calendar — connectivity reliably worsens around major events — and reports through 2026 point to further infrastructure-level tightening of circumvention routes.

What’s blocked — and what isn’t — in 2026

Always verify current status for anything you depend on; this is the stable picture:

Status	Services
Blocked	Google (Search, Gmail, Drive, Maps), YouTube, Facebook, Instagram, WhatsApp, X (Twitter), Telegram, Signal, Reddit, Dropbox, most major Western news outlets (BBC, NYT, Bloomberg), most VPN providers’ websites
Reachable but often degraded	Microsoft 365 / Teams on a global tenant, many global SaaS platforms, most ordinary foreign websites — usable, but slow and inconsistent through the gateways
Working normally	Bing, Apple services (operated through a local partner), and the Chinese ecosystem — WeChat, Alibaba and Tencent clouds, Baidu — plus global services with proper China deployments

Note what this means: the everyday pain for a foreign business is rarely “our site is blocked.” It is email crawling, video calls stuttering and SaaS timeouts on services that are technically allowed. That is a gateway-capacity problem, and it has engineering solutions (below). For collaboration platforms specifically, see Microsoft 365 in China.

Hong Kong is on the other side of the wall

A point that surprises many: there is no Great Firewall in Hong Kong. The open internet — Google, WhatsApp, YouTube, all of it — works normally there. But traffic between Hong Kong and the Mainland crosses the border controls like any other international traffic, which is why a Hong Kong HQ and a Shanghai office need a properly engineered link, not a site-to-site VPN over the public internet.

One related nuance worth knowing: when a service is unavailable in Hong Kong — ChatGPT and Claude being the famous examples — that is the provider’s own restriction, not a firewall. Hong Kong blocks essentially nothing; some providers choose not to serve it. We unpack this in AI tools that work in Hong Kong and China.

VPNs: the legal reality

China’s rules on circumvention are not a grey area anymore:

• Consumer VPNs to bypass blocks are illegal for use in the Mainland without authorisation, and enforcement — both technical (blocking the tools) and administrative (fines for individuals) — has tightened markedly, including through 2026.
• Businesses have legal routes: cross-border circuits and corporate connectivity bought from licensed Chinese carriers — dedicated lines (IPLC), MPLS, and licensed SD-WAN services — registered to your company for internal business use. This is settled, normal practice; thousands of multinationals run on it.
• The thing to avoid is the in-between: running your China office’s connectivity through unlicensed tunnels. It works until it doesn’t — typically failing exactly when you most need it — and it puts your local entity and staff on the wrong side of rules that now carry meaningfully higher penalties.

Our VPN in China guide covers the compliant-vs-grey distinction in detail.

Designing business IT around the wall

The patterns that work, in increasing order of investment:

1. Accept and optimise. For a small office, keep the global stack, route traffic through a licensed carrier’s quality internet circuit, and accept some degradation. Cheap, sometimes adequate.
2. Licensed cross-border connectivity. An IPLC, MPLS or licensed SD-WAN link from your Mainland office to Hong Kong or Singapore lifts your office traffic over the congested public gateways — the standard fix for the performance wall. Compared in detail here.
3. Split architecture. Put what China needs inside China — local hosting with an ICP filing, possibly a China cloud tenant — and connect the two worlds deliberately, with the data-transfer rules designed in rather than bolted on.

Which pattern fits depends on headcount, latency-sensitivity and how much of your business actually lives in the Mainland — the subject of our cross-border IT playbook.

Great Firewall FAQs

Is Hong Kong behind the Great Firewall?

No. Hong Kong has open internet access — Google, WhatsApp, YouTube and foreign news all work normally. The Great Firewall operates at Mainland China’s international gateways, and traffic between Hong Kong and the Mainland crosses those controls like any other cross-border traffic. Where a service is unavailable in Hong Kong (such as ChatGPT or Claude first-party), that is the provider’s own geographic restriction, not government blocking.

Is Microsoft 365 blocked in China?

No — a global Microsoft 365 tenant is reachable from Mainland China, but performance through the international gateways is often poor: slow Outlook sync, choppy Teams calls, SharePoint timeouts. Businesses fix this with licensed cross-border connectivity or by using Microsoft’s separate China cloud (operated by 21Vianet), each with significant trade-offs in features and administration.

Can my business legally use a VPN in China?

Consumer VPNs used to bypass blocking are illegal in Mainland China without authorisation, and enforcement has tightened. The legal route for business is cross-border connectivity purchased from licensed Chinese carriers — dedicated IPLC circuits, MPLS, or licensed SD-WAN — registered to your company for internal use. This is standard, settled practice for multinationals operating in China.

Why is my website slow in China if it isn’t blocked?

Because all traffic between China and foreign servers passes through a small number of congested, actively managed international gateways. Even fully permitted sites load slowly and inconsistently from the Mainland when hosted abroad. If China is a real market, the fix is hosting inside the Mainland (which requires an ICP filing through a China-registered entity) plus a China CDN; a partial improvement is hosting in Hong Kong, which shortens the route but still crosses the gateways.

Does the Great Firewall block data leaving China?

The firewall is a network-level filter; it is not the legal mechanism controlling data exports. Data leaving China is governed by the cross-border data transfer rules under PIPL and related laws — security assessments, standard contracts and exemptions — which apply regardless of how the traffic flows. The two issues interact (you need lawful and reliable paths out) but are separate problems with separate solutions.

How PTS helps

PTS designs and runs IT for foreign businesses in Mainland China from Hong Kong — including licensed cross-border connectivity through carrier partners, split global/China architectures, Microsoft 365 strategy on both sides of the wall, and on-the-ground support in major Mainland cities. We have been building around the wall for years; the patterns above are the ones we deploy.

If you need help or advice related to this topic please get in touch with us here.

PTS Consulting provides managed IT support, structured cabling, audiovisual design and installation, and IT consultancy services for businesses across Hong Kong, Mainland China and Singapore.