Purchase Cloud Firewall - Cloud Firewall - Alibaba Cloud Documentation Center

After you purchase Cloud Firewall, you can use Cloud Firewall to protect the following traffic: Internet traffic, traffic between virtual private clouds (VPCs), and traffic between VPCs and data centers. Cloud Firewall is the first line of defense to protect your workloads in Alibaba Cloud. This topic describes how to purchase Cloud Firewall.

Background information

Cloud Firewall supports the subscription billing method. To purchase Cloud Firewall by using the subscription billing method, you must specify a Cloud Firewall edition, the specifications, and a subscription duration based on your business requirements, and complete the payment.

Purchase Cloud Firewall by using the subscription billing method

Go to the Cloud Firewall buy page.

Configure the following parameters based on your business requirements.

Parameter	Description
Current Version	The edition of Cloud Firewall that you want to purchase. Valid values: Premium Edition Enterprise Edition Ultimate Edition The features provided by Cloud Firewall vary based on the edition. You can click an edition and view the features in the Features section. For more information, see Functions and features. For more information about the pricing of each edition, see Subscription.
Protected Public IP Addresses	The number of public IP addresses that can be protected by the Internet firewall. Valid values: Premium Edition: 20 to 1000 Enterprise Edition: 50 to 1000 Ultimate Edition: 400 to 1000
Protected Internet Traffic	The peak Internet traffic that can be protected by Cloud Firewall. Unit: Mbit/s. Valid values: Premium Edition: 10 to 2000 Enterprise Edition: 50 to 5000 Ultimate Edition: 200 to 15000 Note We recommend that you set this parameter to the Internet bandwidth of your business. If the specification does not meet your business requirements, contact your business manager to apply for a bandwidth increase.
Protected VPCs	The number of VPCs that can be protected by Cloud Firewall. This feature is available only in Enterprise Edition and Ultimate Edition. You can configure this parameter only if you select Enterprise Edition or Ultimate Edition for Current Version. Valid values: Enterprise Edition: 2 to 100 Ultimate Edition: 5 to 200
Protected VPC Traffic	The maximum traffic that can be protected between VPCs. Unit: Mbit/s. This feature is available only in Enterprise Edition and Ultimate Edition. You can configure this parameter only if you select Enterprise Edition or Ultimate Edition for Current Version. Valid values: Enterprise Edition: 200 to 5000 If the specifications of Cloud Firewall cannot meet your business requirements, increase the value of Protected VPC Traffic. The maximum value of Protected VPC Traffic is 5 Gbit/s. Ultimate Edition: 1000 to 10000 If the specifications of Cloud Firewall cannot meet your business requirements, increase the value of Protected VPC Traffic. The maximum value of Protected VPC Traffic is 10 Gbit/s. If the traffic between VPCs exceeds 10 Gbit/s, you must contact your business manager to apply for higher traffic processing capabilities one month in advance.
Quota for Additional Policy	The quota for access control policies. Valid values: Premium Edition: 0 to 50000 Enterprise Edition: 0 to 100000 Ultimate Edition: 0 to 200000
Multi-account Management	Specifies whether to enable the multi-account management feature. If you have multiple Alibaba Cloud accounts in your enterprise and you want to manage the accounts in a centralized manner, you can enable the multi-account management feature. To use Cloud Firewall to protect assets across multiple accounts, purchase Cloud Firewall for your account and add other accounts to Cloud Firewall as members. You do not need to purchase Cloud Firewall for other accounts.
Multi-account Centralized Management	The number of Alibaba Cloud accounts that can be added as members. For more information about the number supported by each edition, see Features and billable items of each edition.
Log Analysis	Specifies whether to enable the log analysis feature. By default, Cloud Firewall retains logs of the last seven days. If you want to store logs for more than seven days or to meet specific classified protection requirements, we recommend that you enable the log analysis feature. The log analysis feature allows Cloud Firewall to store logs from 7 to 365 days, which meets classified protection requirements. For more information, see Log analysis.
Log Storage	The log storage capacity of the log analysis feature. Unit: GB. Valid values: 1000 to 100000. If you select Yes for Log Analysis, you must configure this parameter. Note If you set Protected Internet Traffic to 10 Mbit/s and want to store logs for six months, we recommend that you purchase 1,000 GB of storage capacity. For more information about the billing methods of the log analysis feature, see Billing.
Duration	The subscription duration. You can select or clear Auto-renewal based on your business requirements.

Click Buy Now and complete the payment.
After you complete the payment, you can view the Cloud Firewall edition and remaining validity period in the upper-right corner of the Overview page.

Purchase Cloud Firewall by using the pay-as-go billing method

Go to the Cloud Firewall buy page.
Set Billing Method to Pay-as-you-go.
On the Cloud Firewall (Pay-as-you-go) page, read and select Cloud Firewall (Pay-as-you-go) Terms of Service. Then, click Buy Now.
Confirm your configurations and activate Cloud Firewall that uses the pay-as-you-go billing method.
After Cloud Firewall that uses the pay-as-you-go billing method is purchased, Alibaba Cloud generates a bill at 18:00 every day based on your resource usage. The bill covers the fees for your resource usage on the previous day. If you do not use resources, Alibaba Cloud does not generate a bill, and fees are not deducted from your account balance. For more information, see Pay-as-you-go.

What to do next

Operation	Description	Procedure
Renew	Renew the subscription to extend the validity period of the current Cloud Firewall edition.	Click Renew in the upper-right corner of the Overview page, and then complete the renewal operation as prompted. For more information, see Renewal.
Upgrade	Upgrade the edition during the validity period of Cloud Firewall. Alternatively, upgrade or downgrade the specifications such as Protected Internet Traffic and Protected Public IP Addresses. However, you cannot downgrade the edition of your Cloud Firewall.	Click Change Specifications in the upper-right corner of the Overview page, and then complete the upgrade operation as prompted. For more information, see Renewal.
Bandwidth Upgrade	Use a temporary upgrade solution to increase the protected Internet traffic bandwidth of your Cloud Firewall. The restoration time that you specify must be earlier than the expiration time of your Cloud Firewall. You cannot downgrade the specifications of Cloud Firewall.	Click Bandwidth Upgrade in the upper-right corner of the Overview page, and then complete the upgrade operation as prompted. For more information, see Temporarily upgrade bandwidth.
Auto-renewal	Allow automatic fee deduction and renewal nine days before Cloud Firewall expires.	Click Auto Renewal in the upper-right corner of the Overview page, and then complete the renewal operation as prompted. For more information, see Renewal.

Change the billing method of Cloud Firewall from pay-as-you-go to subscription

You can change the billing method of Cloud Firewall from pay-as-you-go to subscription based on your business requirements.

Important

After the subscription billing method takes effect, you cannot change the billing method to pay-as-you-go.
When you change the billing method, make sure that the new specifications are the same as or higher than the existing specifications.
During the change, a transient connection that lasts several milliseconds may occur. We recommend that you change the billing method during off-peak hours.
After the subscription billing method takes effect, your access control policies are not affected. The IP addresses of your newly purchased assets are automatically protected. You can disable automatic protection for the IP addresses based on your business requirements.
After the subscription billing method takes effect, the historical data of intrusion events is deleted and cannot be restored.

Log on to the Cloud Firewall console.
On the Overview page, click Switch Billing Method from Pay-as-you-go to Subscription in the upper-right corner.
On the Switch Billing Method of Cloud Firewall from Pay-as-you-go to Subscription page, read Note and select I have read and understand the preceding note., and then click Confirm.
On the Cloud Firewall buy page, select an edition of Cloud Firewall based on your business requirements.
The subscription billing method immediately takes effect. For more information about the editions of Cloud Firewall that support the subscription billing method and how to purchase these editions of Cloud Firewall, see Subscription.