If the access control policies that you configure for the Internet firewall and virtual
private cloud (VPC) firewalls no longer meet your business requirements, you can roll
back the access control policies to a policy backup that you created. This topic
describes how to back up and roll back access control policies.
Background information
Each Alibaba Cloud account can have up to 12 policy backups at a time. If your Alibaba
Cloud account has 12 policy backups, you must delete a policy backup before you can
create another policy backup. For more information about how to delete a policy backup,
see What to do next.
A policy rollback replaces the in-use policies with the policies that you have backed
up. To ensure that access control policies work normally, we recommend that you perform
the following operations in order when you roll back in-use policies:
- Back up the policies.
- During off-peak hours, disable all firewalls.
- Roll back the policies by using the policy backup.
- After you roll back the policies, enable the firewalls one by one and verify that
access to your services is normal.
Limits
You can back up and roll back the access control policies in Cloud Firewall Ultimate
Edition or Enterprise Edition, but not in Cloud Firewall Premium Edition.
You can back up and roll back the access control policies only of the Internet firewall
and VPC firewalls.
Back up access control policies
You can roll back access control policies only if you have backed up the policies.
- Log on to the Cloud Firewall console.
- In the left-side navigation pane, choose .
- On the Toolbox page, click View Backup.
- On the Policy Backup and Rollback page, click New Backup.
- In the Backup Policy dialog box, enter the description of the policy backup and click OK.
| Parameter | Description |
| --- | --- |
| Backup Time | The time at which you create the policy backup for access control policies. |
| Policies | The number of inbound and outbound access control policies that are created for the Internet firewall and the access control policies that are created for VPC firewalls. The policies are created within the current Alibaba Cloud account. |
| Description | The description of the policy backup that you want to create. Note: You can enter up to 256 characters for Description. You can determine which policy backup to use for rollback based on the description and backup time. To help identify the backup, enter an informative description. |
You can view the information about the new policy backup on the Policy Backup and Rollback page.
Roll back access control policies
You can roll back access control policies to restore them to the point in time at
which you backed up the policies.
- Log on to the Cloud Firewall console.
- In the left-side navigation pane, choose .
- On the Toolbox page, click View Backup.
- On the Policy Backup and Rollback page, find the policy backup that you want to use for the rollback and click Use Backup in the Actions column.
- In the Are you sure you want to roll back the policy by using this backup? message, click OK.
Note
- The policies are rolled back in seconds.
- If a large number of access control policies exist within your Alibaba Cloud account
or a large number of users are performing rollback at the same time, a timeout error
can occur. If a timeout error occurs, the system displays prompts for you to address
the issue.
- If the rollback fails, the access control policies remain unchanged.
What to do next
To delete a historical policy backup, go to the Policy Backup and Rollback page, find the policy backup that you want to delete, and then click Delete Backup in the Actions column.