All Products
Search
Document Center

Cloud Firewall:Purchase Cloud Firewall

Last Updated:Jun 20, 2024

After you purchase Cloud Firewall, you can use Cloud Firewall to protect the following traffic: Internet traffic, traffic between virtual private clouds (VPCs), and traffic between VPCs and data centers. Cloud Firewall is the first line of defense to protect your workloads in Alibaba Cloud. This topic describes how to purchase Cloud Firewall.

Prerequisites

  • Real-name verification is complete for your Alibaba Cloud account. For more information, see FAQ about real-name registration on the Alibaba Cloud international site (alibabacloud.com).

    If you want to purchase Cloud Firewall by using the subscription billing method, you must use an Alibaba Cloud account that has passed enterprise real-name verification.

  • You understand the features and billing methods of Cloud Firewall in each edition.

    • For more information about the features supported by different editions of Cloud Firewall, see Editions or Functions and features.

    • For more information about the billing details of Cloud Firewall that uses the subscription billing method, see Subscription.

    • For more information about the billing details of Cloud Firewall that uses the pay-as-you-go billing method, see Pay-as-you-go.

Procedure

You can purchase Cloud Firewall by using the subscription or pay-as-you-go billing method based on your business requirements.

Purchase Cloud Firewall by using the subscription billing method

  1. Go to the Cloud Firewall buy page. Set Product Type to Subscription.

  2. Configure the following parameters, click Buy Now, and then complete the payment.

    Parameter

    Description

    Current Version

    The edition of Cloud Firewall that you want to purchase.

    After you select an edition, you can view the features provided by the edition in the Features section.

    Protected Public IP Addresses

    The number of public IP addresses that can be protected by the Internet firewall.

    • Premium Edition: The basic price covers 20 public IP addresses. Valid values for an additional quota: 20 to 1000.

    • Enterprise Edition: The basic price covers 50 public IP addresses. Valid values for an additional quota: 50 to 1000.

    • Ultimate Edition: The base price covers 400 public IP addresses. Valid values for an additional quota: 400 to 1000.

    Protected Internet Traffic

    The peak Internet traffic that can be protected by Cloud Firewall. The metering metric is the peak outbound or inbound Internet traffic, whichever is greater. We recommend that you set this parameter to the Internet bandwidth of your business.

    • Premium Edition: The basic price covers 10 Mbit/s of bandwidth. Valid values for an additional quota: 10 to 2000. Unit: Mbit/s.

    • Enterprise Edition: The basic price covers 50 Mbit/s of bandwidth. Valid values for an additional quota: 50 to 5000. Unit: Mbit/s.

    • Ultimate Edition: The basic price covers 200 Mbit/s of bandwidth. Valid values for an additional quota: 200 to 15000. Unit: Mbit/s.

    If the specification does not meet your business requirements, contact your account manager to apply for a bandwidth increase.

    Number of VPC Firewalls

    The number of VPCs that can be protected by Cloud Firewall. You can configure this parameter only if you select Enterprise Edition or Ultimate Edition for the Current Version parameter.

    • Enterprise Edition: The basic price covers 2 VPC firewalls. Valid values for an additional quota: 2 to 100.

    • Ultimate Edition: The basic price covers 5 VPC firewalls. Valid values for an additional quota: 5 to 200.

    Protected VPC Traffic

    The peak cross-VPC traffic that can be protected. You can configure this parameter only if you select Enterprise Edition or Ultimate Edition for the Current Version parameter.

    • Enterprise Edition: The basic price covers 200 Mbit/s of bandwidth. Valid values for an additional quota: 200 to 5000. Unit: Mbit/s.

    • Ultimate Edition: The basic price covers 1,000 Mbit/s of bandwidth. Valid values for an additional quota: 1000 to 10000. Unit: Mbit/s.

      Note

      If cross-VPC traffic exceeds 10 Gbit/s, you must contact your account manager to apply for higher traffic processing capabilities one month in advance.

    NAT Firewalls

    The number of NAT firewalls that you can create.

    • Premium Edition: The basic price does not cover this specification. Valid values for an additional quota: 1 to 20.

    • Enterprise Edition: The basic price covers 1 NAT firewall. Valid values for an additional quota: 1 to 100.

    • Ultimate Edition: The basic price covers 2 NAT firewalls. Valid values for an additional quota: 2 to 1000.

    Protected Private Network Traffic of NAT Gateway

    The peak traffic that can be protected by a NAT firewall in Cloud Firewall. The peak traffic can be specified in increments of 5 Mbit/s.

    • Premium Edition: The basic price does not cover this specification. Valid values for an additional quota: 5 to 1000. Unit: Mbit/s.

    • Enterprise Edition: The basic price covers 10 Mbit/s of bandwidth. Valid values for an additional quota: 10 to 5000. Unit: Mbit/s.

    • Ultimate Edition: The basic price covers 20 Mbit/s of bandwidth. Valid values for an additional quota: 20 to 10000. Unit: Mbit/s.

    Quota for Additional Policy

    The quota for access control policies. If the quota for access control policies of your Cloud Firewall is exhausted, you can increase the value of the Quota for Additional Policy parameter to purchase the quota for access control policies.

    • Premium Edition: 0 to 100000

    • Enterprise Edition: 0 to 200000

    • Ultimate Edition: 0 to 300000

    Multi-account Management

    If you have multiple Alibaba Cloud accounts in your enterprise and you want to manage the accounts in a centralized manner, you can enable the multi-account management feature. To use Cloud Firewall to protect assets across multiple accounts, purchase Cloud Firewall for your account and add other accounts to Cloud Firewall as members. You do not need to purchase Cloud Firewall for other accounts.

    If you set the Multi-account Management parameter to Yes, you must configure the Managed Members parameter.

    • Premium Edition: The basic price covers one account. Valid values: 1 to 20.

    • Enterprise Edition: The basic price covers one account. Valid values: 1 to 50.

    • Ultimate Edition: The basic price covers one account. Valid values: 1 to 1000.

    Managed Members

    Log Analysis

    Specifies whether to enable the log analysis feature.

    By default, Cloud Firewall stores audit logs for seven days. If you want to store audit logs for a longer period of time, meet classified protection requirements, or export audit logs, we recommend that you enable the log analysis feature. The log analysis feature allows Cloud Firewall to store logs from 7 to 730 days.

    If your Internet bandwidth is 10 Mbit/s and you want to store logs for six months, we recommend that you purchase 1,000 GB of storage capacity.

    Note

    For more information, see Overview and Billing.

    Log Storage

    Subscription Duration

    The subscription duration. You can select or clear Auto-renewal based on your business requirements.

    Note

    The auto-renewal cycle is based on the subscription duration. If you purchase a monthly or yearly subscription, Cloud Firewall is renewed on a monthly or yearly basis. For example, if you select 6 Months for Duration and select Auto-renewal, Cloud Firewall is automatically renewed for one month after expiration.

Purchase Cloud Firewall by using the pay-as-you-go billing method

  1. Go to the Cloud Firewall buy page. Set Product Type to Pay-as-you-go.

  2. On the Cloud Firewall (Pay-as-you-go) page, configure the parameters.

    • Billing Cycle: The default value is By Day.

    • Automatic Protection for Assets: Specify whether to automatically enable protection for assets.

      If you set Automatic Protection for Assets to Yes, your network assets are automatically added to Cloud Firewall for protection after you purchase Cloud Firewall that uses the pay-as-you-go billing method. Firewalls and attack prevention are also enabled for the assets. This helps reduce risks of network assets.

      Note

      If you no longer require automatic protection, you can turn off Automatic Protection for New Assets in the Cloud Firewall console. For more information, see Internet firewall.

  3. Read and select Terms of Service, click Buy Now, and then complete the payment.

    After you purchase Cloud Firewall that uses the pay-as-you-go billing method, the bill for the previous day is settled at 18:00 every day based on your actual usage.

What to do next

After you purchase Cloud Firewall, you can perform operations such as configuring intrusion prevention and access control policies and viewing the analysis results of network traffic. For more information, see Configure Cloud Firewall.

Supported operations

  • View the edition and remaining validity period of Cloud Firewall

    In the upper-right corner of the Overview page, you can view the edition of Cloud Firewall and perform operations such as renewal and upgrade. For more information, see Overview.

  • Renew Cloud Firewall

    After your subscription to Cloud Firewall expires, Cloud Firewall no longer protects your assets. We recommend that you renew your subscription to Cloud Firewall before it expires. This helps ensure that Cloud Firewall can continue to protect your assets. For more information, see Renewal.

  • Upgrade or downgrade Cloud Firewall

    If the current edition of Cloud Firewall does not meet your business requirements, you can upgrade or downgrade the edition or specifications of Cloud Firewall. For more information, see Upgrade and downgrade Cloud Firewall.

  • Change the billing method of Cloud Firewall from pay-as-you-go to subscription

    You can change the billing method of Cloud Firewall from pay-as-you-go to subscription if required. For more information, see Pay-as-you-go.

  • Release Cloud Firewall

    If your Cloud Firewall uses the pay-as-you-go billing method and you no longer require it, you can go to the Overview page and choose More > Self-service Release in the upper-right corner of the page to release Cloud Firewall.

    If your Cloud Firewall uses the subscription billing method and you no longer require it, you can release Cloud Firewall only within the period of 15 days before your subscription expires to 7 days after your subscription expires. For more information, see Release Cloud Firewall.