Cloud Firewall lets you flexibly adjust the instance edition, configuration specifications, bandwidth, and billing method based on your business needs to optimize resources and costs.
Business impact: Self-service upgrades and downgrades of Cloud Firewall do not affect your services.
Applicable editions: Only subscription Cloud Firewall instances (Premium Edition, Enterprise Edition, and Ultimate Edition) support upgrade and downgrade operations.
Modifiable configurations
Effective October 15, 2025, Cloud Firewall introduces Billing Method 2.0. New instances use Billing Method 2.0 by default. Existing instances purchased before this date continue to use Billing Method 1.0. The modifiable configurations vary by billing method, as described below.
Billing Method 2.0
Upgrade or downgrade the current Cloud Firewall instance edition.
Increase or decrease the configuration specifications for the current edition, including Number of Scalable Firewall Instances, Scalable Firewall Bandwidth, and Log Storage Capacity.
Enable or disable feature modules, including Network Detection and Response (NDR), Sensitive Data Leak Detection, and Log Analysis.
Perform a Temporary Bandwidth Upgrade.
Billing Method 1.0
Upgrade or downgrade the current Cloud Firewall instance edition.
Increase or decrease the configuration specifications for the current edition, including Number of Public IPs Protected by Internet Firewall, throughput of Internet Firewall, Number of NAT Firewall Instances, throughput of NAT Firewall, Number of VPC Firewall Instances, throughput of VPC Firewall, Quota for Additional Policy, and Log Storage Capacity.
Enable or disable feature modules, including Network Detection and Response (NDR), Elastic Throughput, Sensitive Data Leak Detection, and Log Analysis.
Perform a Temporary Bandwidth Upgrade.
Upgrade
Upgrade considerations
Specification limits: The new configuration specifications cannot exceed the maximum limits of the current Cloud Firewall instance edition.
Cost difference: When you upgrade, you must pay the price difference. The final price is displayed on the Cloud Firewall purchase page.
Upgrade recommendations
Before you upgrade, log on to the Cloud Firewall console. On the Overview page, review your current Cloud Firewall instance edition and purchased configuration specifications. Decide whether an upgrade is necessary based on your specification usage, business requirements, costs, and the limits of your instance edition.
The following are some upgrade recommendations for common scenarios:
If multiple configuration items exceed the limits of your current instance edition, upgrade the instance edition to expand your protection capacity.
If only a single item exceeds its purchased specification, upgrade only that item.
If your protection requirements exceed the specification limits, security effectiveness may be compromised and risks may arise. To ensure continuous and effective protection, regularly review your specification usage and maintain sufficient capacity to meet future demands.
Procedure
You can upgrade the edition, increase configurations, or enable feature modules to enhance your protection capabilities. The expiration date of the upgraded instance edition and configuration specifications is the same as that of your Cloud Firewall subscription before the upgrade.
Log on to the Cloud Firewall console.
On the right side of the Overview page, click Upgrade.
On the Upgrade page, review the configuration specifications of your current edition. Select the target edition and specifications based on your business requirements, or enable disabled feature modules as needed.
Read the service agreement, select I have read and agree to the Cloud Firewall Terms of Service, and then click Buy Now to complete the payment. The changes take effect immediately.
Temporary bandwidth upgrade procedure
The Temporary Bandwidth Upgrade feature is a short-term solution that lets you increase throughput on an hourly basis for public, VPC, and NAT private traffic. At the specified restoration time, the throughput automatically reverts to its pre-upgrade level. You can only increase throughput within your current edition, and the upgrade duration must be shorter than your subscription period.
If you upgrade your configuration specifications to increase the peak bandwidth before the temporary upgrade is scheduled to revert, Cloud Firewall uses the new bandwidth from the standard upgrade, and the temporary upgrade becomes void.
Log on to the Cloud Firewall console.
In the upper-right corner of the Overview page, choose .
Select the throughput specifications and restoration time that meet your business requirements.
Read the service agreement, select the checkbox for the Cloud Firewall Terms of Service, and then click Buy Now to complete the payment. The upgrade takes effect immediately.
Downgrade
If your subscription instance specifications exceed your business needs, you can downgrade the configuration specifications or disable unused feature modules to reduce costs.
Downgrade considerations
Specification limits: The downgraded configuration specifications cannot be lower than the default specifications for the current instance edition or the specifications you are currently using.
Refund rules: When you downgrade an edition or its configuration specifications, you will receive a refund for the price difference, calculated based on your remaining subscription period and the new specifications. The refund amount is displayed on the downgrade page. For more information about the refund rules for Alibaba Cloud products, see Unsubscribe rules.
View refunds: After the downgrade, you can go to the Expenses and Costs page. In the left-side navigation pane, choose Orrs to view the refund details.
Procedure
Log on to the Cloud Firewall console.
In the upper-right corner of the Overview page, choose .
On the Downgrade page, reduce the specifications for the current edition or set the options for unused feature modules to No based on your business requirements.
Read the service agreement, select I have read and agree to the Cloud Firewall Terms of Service, and then click Buy Now to confirm the downgrade.
You can then view the updated specifications by clicking Purchased Specs in the upper-right corner of the Overview page.