All Products
Search

This Product

    Cloud Firewall:Purchase Cloud Firewall

    Document Center

    Cloud Firewall:Purchase Cloud Firewall

    Last Updated:Oct 18, 2023

    After you purchase Cloud Firewall, you can use Cloud Firewall to protect the following traffic: Internet traffic, traffic between virtual private clouds (VPCs), and traffic between VPCs and data centers. Cloud Firewall is the first line of defense to protect your workloads in Alibaba Cloud. This topic describes how to purchase Cloud Firewall.

    Prerequisites

    • Real-name verification is complete for your Alibaba Cloud account. For more information, see FAQ about real-name registration on the Alibaba Cloud international site (alibabacloud.com).

      If you want to purchase Cloud Firewall by using the subscription billing method, you must use an Alibaba Cloud account that has passed enterprise real-name verification.

    • You understand the features and billing methods of Cloud Firewall in each edition.

      • For more information about the features supported by different editions of Cloud Firewall, see Editions or Functions and features.

      • For more information about the billing details of Cloud Firewall that uses the subscription billing method, see Subscription.

      • For more information about the billing details of Cloud Firewall that uses the pay-as-you-go billing method, see Pay-as-you-go.

    Procedure

    You can purchase Cloud Firewall by using the subscription or pay-as-you-go billing method based on your business requirements.

    Purchase Cloud Firewall by using the subscription billing method

    1. Go to the Cloud Firewall buy page. Set the Product Type to Subscription.

    2. Configure the following parameters, click Buy Now, and then complete the payment.

      Parameter

      Description

      Current Version

      The edition of Cloud Firewall that you want to purchase.

      After you select an edition, you can view the features provided by the edition in the Features section.

      Protected Public IP Addresses

      The number of public IP addresses that can be protected by the Internet firewall.

      • Premium Edition: The basic price covers 20 public IP addresses. Valid values for an additional quota: 20 to 1000.

      • Enterprise Edition: The basic price covers 50 public IP addresses. Valid values for an additional quota: 50 to 1000.

      • Ultimate Edition: The base price covers 400 public IP addresses. Valid values for an additional quota: 400 to 1000.

      Protected Internet Traffic

      The peak Internet traffic that can be protected by Cloud Firewall. The metering metric is the peak outbound or inbound Internet traffic, whichever is greater. We recommend that you set this parameter to the Internet bandwidth of your business.

      • Premium Edition: The basic price covers 10 Mbit/s of bandwidth. Valid values for an additional quota: 10 to 2000. Unit: Mbit/s.

      • Enterprise Edition: The basic price covers 50 Mbit/s of bandwidth. Valid values for an additional quota: 50 to 5000. Unit: Mbit/s.

      • Ultimate Edition: The basic price covers 200 Mbit/s of bandwidth. Valid values for an additional quota: 200 to 15000. Unit: Mbit/s.

      If the specification does not meet your business requirements, contact your account manager to apply for a bandwidth increase.

      Protected VPCs

      The number of VPCs that can be protected by Cloud Firewall. You can configure this parameter only if you select Enterprise Edition or Ultimate Edition for the Current Version parameter.

      • Enterprise Edition: The basic price covers 2 VPC firewalls. Valid values for an additional quota: 2 to 100.

      • Ultimate Edition: The basic price covers 5 VPC firewalls. Valid values for an additional quota: 5 to 200.

      Protected VPC Traffic

      The peak cross-VPC traffic that can be protected. You can configure this parameter only if you select Enterprise Edition or Ultimate Edition for the Current Version parameter.

      • Enterprise Edition: The basic price covers 200 Mbit/s of bandwidth. Valid values for an additional quota: 200 to 5000. Unit: Mbit/s.

      • Ultimate Edition: The basic price covers 1,000 Mbit/s of bandwidth. Valid values for an additional quota: 1000 to 10000. Unit: Mbit/s.

        Note

        If cross-VPC traffic exceeds 10 Gbit/s, you must contact your account manager to apply for higher traffic processing capabilities one month in advance.

      NAT Firewalls

      The number of NAT firewalls that you can create.

      • Premium Edition: The basic price does not cover this specification. Valid values for an additional quota: 0 to 20.

      • Enterprise Edition: The basic price covers 1 NAT firewall. Valid values for an additional quota: 1 to 200.

      • Ultimate Edition: The basic price covers 2 NAT firewalls. Valid values for an additional quota: 2 to 1000.

      Protected Private Network Traffic of NAT Gateway

      The peak traffic that can be protected by a NAT firewall in Cloud Firewall.

      • Premium Edition: The basic price does not cover this specification. Valid values for an additional quota: 0 to 1000. Unit: Mbit/s.

      • Enterprise Edition: The basic price covers 10 Mbit/s of bandwidth. Valid values for an additional quota: 10 to 5000. Unit: Mbit/s.

      • Ultimate Edition: The basic price covers 20 Mbit/s of bandwidth. Valid values for an additional quota: 20 to 10000. Unit: Mbit/s.

      Quota for Additional Policy

      The quota for access control policies. If the quota for access control policies of your Cloud Firewall is exhausted, you can increase the value of the Quota for Additional Policy parameter to purchase the quota for access control policies.

      • Premium Edition: 0 to 50000

      • Enterprise Edition: 0 to 100000

      • Ultimate Edition: 0 to 200000

      Multi-account Management

      If you have multiple Alibaba Cloud accounts in your enterprise and you want to manage the accounts in a centralized manner, you can enable the multi-account management feature. To use Cloud Firewall to protect assets across multiple accounts, purchase Cloud Firewall for your account and add other accounts to Cloud Firewall as members. You do not need to purchase Cloud Firewall for other accounts.

      If you set the Multi-account Management parameter to Yes, you must configure the Managed Members parameter.

      • Premium Edition: The basic price does not cover this specification. Valid values for an additional quota: 1 to 20.

      • Enterprise Edition: The basic price does not cover this specification. Valid values for an additional quota: 1 to 50.

      • Ultimate Edition: The basic price does not cover this specification. Valid values for an additional quota: 1 to 1000.

      Managed Members

      Log Analysis

      Specifies whether to enable the log analysis feature.

      By default, Cloud Firewall stores logs of the last seven days. If you want to store the logs for a longer period of time or meet classified protection requirements, we recommend that you enable the log analysis feature. After you enable this feature, Cloud Firewall can store logs for six months and allows you to export logs. For more information, see Overview and Billing.

      By default, Cloud Firewall stores logs for seven days. If you want to store the logs for a longer period of time or meet classified protection requirements, we recommend that you enable the log analysis feature.

      The log analysis feature allows Cloud Firewall to store logs from 7 to 365 days, which meets classified protection requirements.

      Note

      If your Internet bandwidth is 10 Mbit/s and you want to store logs for six months, we recommend that you purchase 1,000 GB of storage capacity.

      Log Storage

      Duration

      The subscription duration. You can select or clear Auto-renewal based on your business requirements.

      Note

      The auto-renewal cycle is based on the subscription duration. If you purchase a monthly or yearly subscription, Cloud Firewall is renewed on a monthly or yearly basis. For example, if you select 6 Months for Duration and select Auto-renewal, Cloud Firewall is automatically renewed for one month after expiration.

    Purchase Cloud Firewall by using the pay-as-you-go billing method

    1. Go to the Cloud Firewall buy page and set Product Type to Pay-as-you-go.

    2. On the Cloud Firewall (Pay-as-you-go) page, configure the parameters.

      • Billing Cycle: The default value is By Day.

      • Automatic Protection for Assets: Specify whether to automatically enable protection for assets.

        If you turn on Automatic Protection for Assets, your network assets are automatically added to Cloud Firewall for protection after you purchase Cloud Firewall that uses the pay-as-you-go billing method. Firewalls and attack prevention are also enabled for the assets. This helps reduce risks of network assets.

        Note

        If you no longer require automatic protection, you can turn off Automatic Protection for New Assets in the Cloud Firewall console. For more information, see Internet firewall.

    3. Read and select Terms of Service, click Buy Now, and then complete the payment.

      After you purchase Cloud Firewall that uses the pay-as-you-go billing method, Alibaba Cloud settles the bill for the previous day at 18:00 every day based on your actual usage.

    What to do next

    After you purchase Cloud Firewall, you can perform operations such as configuring intrusion prevention and access control policies and viewing the analysis results of network traffic. For more information, see Configure Cloud Firewall.

    Supported operations

    • View the edition and remaining validity period of Cloud Firewall

      In the upper-right corner of the Overview page, you can view the edition of Cloud Firewall and perform operations such as renewal and upgrade. For more information, see Overview.

    • Renew Cloud Firewall

      After your subscription to Cloud Firewall expires, Cloud Firewall no longer protects your assets. We recommend that you renew your subscription to Cloud Firewall before it expires. This helps ensure that Cloud Firewall can continue to protect your assets. For more information, see Renewal.

    • Upgrade or downgrade Cloud Firewall

      If the current edition of Cloud Firewall does not meet your business requirements, you can upgrade or downgrade the edition or specifications of Cloud Firewall. For more information, see Upgrade and downgrade Cloud Firewall.

    • Change the billing method of Cloud Firewall from pay-as-you-go to subscription

      You can change the billing method of Cloud Firewall from pay-as-you-go to subscription if required. For more information, see Pay-as-you-go.

    • Release Cloud Firewall

      If your Cloud Firewall uses the pay-as-you-go billing method and you no longer require it, you can go to the Overview page and choose More > Release in the upper-right corner of the page to release Cloud Firewall.

      If your Cloud Firewall uses the subscription billing method and you no longer require it, you can release Cloud Firewall only within the period of 15 days before your subscription expires to 7 days after your subscription expires. For more information, see Release Cloud Firewall.