After you purchase Cloud Firewall, you can use Cloud Firewall to protect the following traffic: Internet traffic, traffic between virtual private clouds (VPCs), and traffic between VPCs and data centers. Cloud Firewall is the first line of defense to protect your workloads in Alibaba Cloud. This topic describes how to purchase Cloud Firewall.
Prerequisites
Real-name verification is complete for your Alibaba Cloud account. For more information, see FAQ about real-name registration on the Alibaba Cloud international site (alibabacloud.com).
If you want to purchase Cloud Firewall by using the subscription billing method, you must use an Alibaba Cloud account that has passed enterprise real-name verification.
You understand the features and billing methods of Cloud Firewall in each edition.
For more information about the features supported by different editions of Cloud Firewall, see Editions or Functions and features.
For more information about the billing details of Cloud Firewall that uses the subscription billing method, see Subscription.
For more information about the billing details of Cloud Firewall that uses the pay-as-you-go billing method, see Pay-as-you-go.
Procedure
You can purchase Cloud Firewall by using the subscription or pay-as-you-go billing method based on your business requirements.
Purchase Cloud Firewall by using the subscription billing method
Go to the Cloud Firewall buy page. Set Product Type to Subscription.
Configure the following parameters, click Buy Now, and then complete the payment.
Parameter
Description
Current Version
The edition of Cloud Firewall that you want to purchase.
After you select an edition, you can view the features provided by the edition in the Features section.
Protected Public IP Addresses
The number of public IP addresses that can be protected by the Internet firewall.
Premium Edition: The basic price covers 20 public IP addresses. Valid values for an additional quota: 20 to 1000.
Enterprise Edition: The basic price covers 50 public IP addresses. Valid values for an additional quota: 50 to 1000.
Ultimate Edition: The base price covers 400 public IP addresses. Valid values for an additional quota: 400 to 1000.
Protected Internet Traffic
The peak Internet traffic that can be protected by Cloud Firewall. The metering metric is the peak outbound or inbound Internet traffic, whichever is greater. We recommend that you set this parameter to the Internet bandwidth of your business.
Premium Edition: The basic price covers 10 Mbit/s of bandwidth. Valid values for an additional quota: 10 to 2000. Unit: Mbit/s.
Enterprise Edition: The basic price covers 50 Mbit/s of bandwidth. Valid values for an additional quota: 50 to 5000. Unit: Mbit/s.
Ultimate Edition: The basic price covers 200 Mbit/s of bandwidth. Valid values for an additional quota: 200 to 15000. Unit: Mbit/s.
If the specification does not meet your business requirements, contact your account manager to apply for a bandwidth increase.
Number of VPC Firewalls
The number of VPCs that can be protected by Cloud Firewall. You can configure this parameter only if you select Enterprise Edition or Ultimate Edition for the Current Version parameter.
Enterprise Edition: The basic price covers 2 VPC firewalls. Valid values for an additional quota: 2 to 100.
Ultimate Edition: The basic price covers 5 VPC firewalls. Valid values for an additional quota: 5 to 200.
Protected VPC Traffic
The peak cross-VPC traffic that can be protected. You can configure this parameter only if you select Enterprise Edition or Ultimate Edition for the Current Version parameter.
Enterprise Edition: The basic price covers 200 Mbit/s of bandwidth. Valid values for an additional quota: 200 to 5000. Unit: Mbit/s.
Ultimate Edition: The basic price covers 1,000 Mbit/s of bandwidth. Valid values for an additional quota: 1000 to 10000. Unit: Mbit/s.
NoteIf cross-VPC traffic exceeds 10 Gbit/s, you must contact your account manager to apply for higher traffic processing capabilities one month in advance.
NAT Firewalls
The number of NAT firewalls that you can create.
Premium Edition: The basic price does not cover this specification. Valid values for an additional quota: 1 to 20.
Enterprise Edition: The basic price covers 1 NAT firewall. Valid values for an additional quota: 1 to 100.
Ultimate Edition: The basic price covers 2 NAT firewalls. Valid values for an additional quota: 2 to 1000.
Protected Private Network Traffic of NAT Gateway
The peak traffic that can be protected by a NAT firewall in Cloud Firewall. The peak traffic can be specified in increments of 5 Mbit/s.
Premium Edition: The basic price does not cover this specification. Valid values for an additional quota: 5 to 1000. Unit: Mbit/s.
Enterprise Edition: The basic price covers 10 Mbit/s of bandwidth. Valid values for an additional quota: 10 to 5000. Unit: Mbit/s.
Ultimate Edition: The basic price covers 20 Mbit/s of bandwidth. Valid values for an additional quota: 20 to 10000. Unit: Mbit/s.
Quota for Additional Policy
The quota for access control policies. If the quota for access control policies of your Cloud Firewall is exhausted, you can increase the value of the Quota for Additional Policy parameter to purchase the quota for access control policies.
Premium Edition: 0 to 100000
Enterprise Edition: 0 to 200000
Ultimate Edition: 0 to 300000
Multi-account Management
If you have multiple Alibaba Cloud accounts in your enterprise and you want to manage the accounts in a centralized manner, you can enable the multi-account management feature. To use Cloud Firewall to protect assets across multiple accounts, purchase Cloud Firewall for your account and add other accounts to Cloud Firewall as members. You do not need to purchase Cloud Firewall for other accounts.
If you set the Multi-account Management parameter to Yes, you must configure the Managed Members parameter.
Premium Edition: The basic price covers one account. Valid values: 1 to 20.
Enterprise Edition: The basic price covers one account. Valid values: 1 to 50.
Ultimate Edition: The basic price covers one account. Valid values: 1 to 1000.
Managed Members
Log Analysis
Specifies whether to enable the log analysis feature.
By default, Cloud Firewall stores audit logs for seven days. If you want to store audit logs for a longer period of time, meet classified protection requirements, or export audit logs, we recommend that you enable the log analysis feature. The log analysis feature allows Cloud Firewall to store logs from 7 to 730 days.
If your Internet bandwidth is 10 Mbit/s and you want to store logs for six months, we recommend that you purchase 1,000 GB of storage capacity.
Log Storage
Subscription Duration
The subscription duration. You can select or clear Auto-renewal based on your business requirements.
NoteThe auto-renewal cycle is based on the subscription duration. If you purchase a monthly or yearly subscription, Cloud Firewall is renewed on a monthly or yearly basis. For example, if you select 6 Months for Duration and select Auto-renewal, Cloud Firewall is automatically renewed for one month after expiration.
Purchase Cloud Firewall by using the pay-as-you-go billing method
Go to the Cloud Firewall buy page. Set Product Type to Pay-as-you-go.
On the Cloud Firewall (Pay-as-you-go) page, configure the parameters.
Billing Cycle: The default value is By Day.
Automatic Protection for Assets: Specify whether to automatically enable protection for assets.
If you set Automatic Protection for Assets to Yes, your network assets are automatically added to Cloud Firewall for protection after you purchase Cloud Firewall that uses the pay-as-you-go billing method. Firewalls and attack prevention are also enabled for the assets. This helps reduce risks of network assets.
NoteIf you no longer require automatic protection, you can turn off Automatic Protection for New Assets in the Cloud Firewall console. For more information, see Internet firewall.
Read and select Terms of Service, click Buy Now, and then complete the payment.
After you purchase Cloud Firewall that uses the pay-as-you-go billing method, the bill for the previous day is settled at 18:00 every day based on your actual usage.
What to do next
After you purchase Cloud Firewall, you can perform operations such as configuring intrusion prevention and access control policies and viewing the analysis results of network traffic. For more information, see Configure Cloud Firewall.
Supported operations
View the edition and remaining validity period of Cloud Firewall
In the upper-right corner of the Overview page, you can view the edition of Cloud Firewall and perform operations such as renewal and upgrade. For more information, see Overview.
Renew Cloud Firewall
After your subscription to Cloud Firewall expires, Cloud Firewall no longer protects your assets. We recommend that you renew your subscription to Cloud Firewall before it expires. This helps ensure that Cloud Firewall can continue to protect your assets. For more information, see Renewal.
Upgrade or downgrade Cloud Firewall
If the current edition of Cloud Firewall does not meet your business requirements, you can upgrade or downgrade the edition or specifications of Cloud Firewall. For more information, see Upgrade and downgrade Cloud Firewall.
Change the billing method of Cloud Firewall from pay-as-you-go to subscription
You can change the billing method of Cloud Firewall from pay-as-you-go to subscription if required. For more information, see Pay-as-you-go.
Release Cloud Firewall
If your Cloud Firewall uses the pay-as-you-go billing method and you no longer require it, you can go to the Overview page and choose
in the upper-right corner of the page to release Cloud Firewall.If your Cloud Firewall uses the subscription billing method and you no longer require it, you can release Cloud Firewall only within the period of 15 days before your subscription expires to 7 days after your subscription expires. For more information, see Release Cloud Firewall.