If the access control policies that you configure for the Internet firewall and virtual private cloud (VPC) firewalls no longer meet your business requirements, you can roll back the policies to a policy backup that you created earlier. This topic describes how to back up and roll back access control policies.

Background information

Each Alibaba Cloud account can have up to 12 policy backups at a time. If your Alibaba Cloud account has 12 policy backups, you must delete a policy backup before you can create another policy backup. For more information about how to delete a policy backup, see What to do next.

A policy rollback replaces the in-use policies with the policies in a backup. To ensure that access control policies work normally, we recommend that you perform the following operations to roll back in-use policies:
  1. Back up the policies.
  2. During off-peak hours, disable all firewalls.
  3. Roll back the policies by using the policy backup.
  4. After you roll back the policies, enable the firewalls one by one and verify that access to your services is normal.

Limits

You can back up and roll back the access control policies in Cloud Firewall Ultimate Edition or Enterprise Edition, but not in Cloud Firewall Premium Edition.

You can back up and roll back only the access control policies of the Internet firewall and VPC firewalls.

Back up access control policies

You can roll back access control policies only if you have backed up the policies.

  1. Log on to the Cloud Firewall console.
  2. In the left-side navigation pane, choose Settings > Toolbox.
  3. On the Toolbox page, click View Backup.
  4. On the Policy Backup and Rollback page, click New Backup.
  5. In the Backup Policy dialog box, enter the description of the policy backup and click OK.
    Parameters:
    • Backup Time: The time at which you create the policy backup for access control policies.
    • Policies: The number of inbound and outbound access control policies that are created for the Internet firewall and the access control policies that are created for VPC firewalls. The policies are created within the current Alibaba Cloud account.
    • Description: The description of the policy backup that you want to create.
    Note: You can enter up to 256 characters for Description. You can determine which policy backup to use for rollback based on the description and backup time. To help identify the backup, enter an informative description.
    You can view the information about the new policy backup on the Policy Backup and Rollback page.

Roll back access control policies

You can roll back access control policies to restore them to the state they were in when you created the policy backup.

  1. Log on to the Cloud Firewall console.
  2. In the left-side navigation pane, choose Settings > Toolbox.
  3. On the Toolbox page, click View Backup.
  4. On the Policy Backup and Rollback page, find the policy backup that you want to use for the rollback and click Use Backup in the Actions column.
  5. In the Are you sure you want to roll back the policy by using this backup? message, click OK.
    Note
    • The policies are rolled back in seconds.
    • If a large number of access control policies exist within your Alibaba Cloud account or a large number of users are performing rollback at the same time, a timeout error can occur. If a timeout error occurs, the system displays prompts for you to address the issue.
    • If the rollback fails, the access control policies remain unchanged.

What to do next

To delete a historical policy backup, go to the Policy Backup and Rollback page, find the policy backup that you want to delete, and then click Delete Backup in the Actions column.