Cloud Firewall allows you to back up and roll back access control policies for both
inbound and outbound traffic on the Internet firewall. This topic describes how to
back up and roll back an access control policy.
Background information
You can roll back access control policies in the Ultimate Edition or Enterprise Edition
of Cloud Firewall, but not in the Premium Edition.
Each Alibaba Cloud account can have up to 12 policy backups at a time. If your Alibaba
Cloud account has 12 policy backups, you must delete a policy backup before you can
create another policy backup. For information about how to delete a policy backup,
see Related operations. The number of times you can create policy backups each day is unlimited.
Policy rollback indicates that an in-use policy is replaced with a policy that you
have backed up. To ensure that access control policies work normally, we recommend
that you perform the following operations to roll back an in-use policy:
- Back up the policy.
- During off-peak hours, disable all firewalls.
- Roll back the policy.
- After the policy is rolled back, enable the firewalls one by one and verify that access
to your services is normal.
Note Only access control policies of the Internet firewall can be rolled back. The access
control policies of virtual private cloud (VPC) firewalls and internal firewalls cannot
be rolled back.
Back up an access control policy
- Log on to the Cloud Firewall console.
- In the left-side navigation pane, choose .
- On the Toolbox page, click View Backup.

- On the Policy Backup and Rollback page, click New Backup.

- In the Backup Policy dialog box, enter the description of the policy backup and click OK.

The following table describes the parameters in the Backup Policy dialog box.
Parameter |
Description |
Backup Time |
The time when the access control policy for both inbound and outbound traffic on the
Internet firewall is backed up.
|
Policies |
The number of access control policies for both inbound and outbound traffic on the
Internet firewall. The policies are created within the current Alibaba Cloud account.
|
Description |
The description of the policy backup that you want to create.
Note You can enter up to 256 characters for Description. You can determine which policy
backup to use for rollback based on the description and backup time. To help identify
the backup, enter an informative description.
|
You can view the new policy backup on the
Policy Backup and Rollback page.

Roll back an access control policy
After you create backups of a policy, you can roll back the policy to restore one
of the policy backups.
- Log on to the Cloud Firewall console.
- In the left-side navigation pane, choose .
- On the Toolbox page, click View Backup.

- On the Policy Backup and Rollback page, find the backup that you want to use for the policy rollback and click Use Backup in the Actions column.

- In the Are you sure you want to roll back the policy by using this backup? message, click OK.

Note
- The policy is rolled back in seconds.
- If a large number of access control policies exist within your Alibaba Cloud account,
or a large number of users are performing policy rollback at the same time, a timeout
error can occur. If a timeout error occurs, the system displays prompts for you to
address the issue.
- If the rollback fails, the access control policy that is in use remains unchanged.
Related operations
To delete the backups of a policy, go to the Policy Backup and Rollback page, find the backup that you want to delete, and then click Delete Backup in the Actions column.