Cloud Firewall allows you to back up and roll back access control policies for both inbound and outbound traffic on the Internet firewall. This topic describes how to back up and roll back an access control policy.

Background information

You can roll back access control policies in the Ultimate Edition or Enterprise Edition of Cloud Firewall, but not in the Premium Edition.

Each Alibaba Cloud account can have up to 12 policy backups at a time. If your Alibaba Cloud account has 12 policy backups, you must delete a policy backup before you can create another policy backup. For information about how to delete a policy backup, see Related operations. The number of times you can create policy backups each day is unlimited.

A policy rollback replaces the in-use policy with a policy that you have backed up. To ensure that access control policies work normally, we recommend that you perform the following operations to roll back an in-use policy:
  1. Back up the policy.
  2. During off-peak hours, disable all firewalls.
  3. Roll back the policy.
  4. After the policy is rolled back, enable the firewalls one by one and verify that access to your services is normal.
Note: Only access control policies of the Internet firewall can be rolled back. The access control policies of virtual private cloud (VPC) firewalls and internal firewalls cannot be rolled back.

Back up an access control policy

  1. Log on to the Cloud Firewall console.
  2. In the left-side navigation pane, choose Settings > Toolbox.
  3. On the Toolbox page, click View Backup.
  4. On the Policy Backup and Rollback page, click New Backup.
  5. In the Backup Policy dialog box, enter the description of the policy backup and click OK.
    The following table describes the parameters in the Backup Policy dialog box.
    Parameter   | Description
    Backup Time | The time when the access control policy for both inbound and outbound traffic on the Internet firewall is backed up.
    Policies    | The number of access control policies for both inbound and outbound traffic on the Internet firewall. The policies are created within the current Alibaba Cloud account.
    Description | The description of the policy backup that you want to create.
    Note: You can enter up to 256 characters for Description. You can determine which policy backup to use for rollback based on the description and backup time. To help identify the backup, enter an informative description.
    You can view the new policy backup on the Policy Backup and Rollback page.

Roll back an access control policy

After you create backups of a policy, you can roll back the policy to restore one of the policy backups.

  1. Log on to the Cloud Firewall console.
  2. In the left-side navigation pane, choose Settings > Toolbox.
  3. On the Toolbox page, click View Backup.
  4. On the Policy Backup and Rollback page, find the backup that you want to use for the policy rollback and click Use Backup in the Actions column.
  5. In the Are you sure you want to roll back the policy by using this backup? message, click OK.
    Note:
    • The policy is rolled back in seconds.
    • If a large number of access control policies exist within your Alibaba Cloud account, or a large number of users are performing policy rollback at the same time, a timeout error can occur. If a timeout error occurs, the system displays prompts for you to address the issue.
    • If the rollback fails, the access control policy that is in use remains unchanged.

Related operations

To delete the backups of a policy, go to the Policy Backup and Rollback page, find the backup that you want to delete, and then click Delete Backup in the Actions column.