This topic describes the differences between Cloud Firewall editions and supported regions.

Differences in features and billing between Cloud Firewall editions

Feature or billing item Premium Edition Enterprise Edition Ultimate Edition
Base price per month USD 420 USD 1,450 USD 3,900
Maximum Internet bandwidth of protected traffic Default value: 10 Mbit/s per month. You can increase the bandwidth.

Extra fee: USD 15.5 per month for each increase of 1 Mbit/s of bandwidth.

Default value: 50 Mbit/s per month. You can increase the bandwidth.

Extra fee: USD 15.5 per month for each increase of 1 Mbit/s of bandwidth.

Default value: 200 Mbit/s per month. You can increase the bandwidth.

Extra fee: USD 15.5 per month for each increase of 1 Mbit/s of bandwidth.

Number of protected public IP addresses Default value: 20. You can increase the quota.

Extra fee: USD 15 per month for each additional public IP address that you want to protect.

Default value: 50. You can increase the quota.

Extra fee: USD 15 per month for each additional public IP address that you want to protect.

Default value: 200. You can increase the quota.

Extra fee: USD 15 per month for each additional public IP address that you want to protect.

Maximum number of access control policies
Note If an access control policy involves multiple source CIDR blocks, destination CIDR blocks, or ports, this policy is counted as N policies. N = Number of source CIDR blocks × Number of destination CIDR blocks × Number of ports. If a policy involves only one source CIDR block, one destination CIDR block, and one port, this policy is counted as one policy.
4,000. 10,000. 20,000. You can submit a ticket to increase the quota.
Threat detection by using an IPS and installation of virtual patches Supported. Supported. Supported.
IPS whitelist Not supported. Supported. Supported.
Visualization of security group traffic Not supported. Supported. Supported.
Synchronization of security group policies Not supported. Supported. Supported.
Isolation between VPCs Not supported. Supported. Supported.
Number of protected VPCs N/A. Default value: 2. You can submit a ticket to increase the quota.

Extra fee: USD 450 per month for each additional VPC that you want to protect.

Default value: 5. You can submit a ticket to increase the quota.

Extra fee: USD 450 per month for each additional VPC that you want to protect.

Maximum inter-VPC traffic that can be protected N/A. 100 Mbit/s 1 Gbit/s
Unified VPC protection across Alibaba Cloud accounts (with Cloud Enterprise Network enabled) Not supported. Not supported. Supported.
Log audit (Logs are stored for seven days by default.)
Note If you enable the log analysis feature, Cloud Firewall stores the logs generated in the last six months and allows you to export the logs.
Provides quintuple logs.
Note A quintuple log contains the information of a source IP address, a source port, a destination IP address, a destination port, and a transport layer protocol.
Provides quintuple logs. Provides quintuple logs.
Expert service Supported. Supported. Supported.
Cluster deployment Uses shared resources. Uses shared resources. Uses dedicated resources. You can submit a ticket to change the resource specifications.
Subscription mode Shortest subscription period: six months. Monthly subscription supported. Monthly subscription supported.

Regions supported by Cloud Firewall

Log on to the Cloud Firewall console. In the left-side navigation pane, click Firewall Settings and then the Internet Firewall tab to view the supported regions.

Regions supported by Cloud Firewall
Note Before you purchase Cloud Firewall, make sure that your cloud assets are deployed in the regions supported by Cloud Firewall. Cloud assets include public IP addresses of Elastic Compute Service (ECS), Elastic IP addresses (EIPs) of Server Load Balancer (SLB), High-availability virtual IP addresses (HAVIP), EIPs, EIPs of ECS, EIPs of Elastic Network Interface (ENI), public IP addresses of SLB, and EIPs of Network Address Translation (NAT) Gateway. If your cloud assets are not deployed in regions supported by Cloud Firewall, Cloud Firewall cannot protect these assets even if you purchased Cloud Firewall. In this case, you must submit a ticket to apply for a refund.
Alibaba Cloud account type Supported region
Account registered at alibabacloud.com Regions in China:
  • China (Beijing)
  • China (Zhangjiakou-Beijing Winter Olympic)
  • China (Hangzhou)
  • China (Shanghai)
  • China (Shenzhen)
  • China (Heyuan)
  • China (Hong Kong)
Regions outside China:
  • Singapore
  • Malaysia (Kuala Lumpur)
  • Indonesia (Jakarta)
  • Germany (Frankfurt)

VPC firewall limits

A VPC firewall helps you detect and control the traffic between VPCs that are connected by using Express Connect or Cloud Enterprise Network (CEN). Different network environments have different limits for enabling VPC firewalls. For more information, see VPC firewall limits.