Cloud Firewall allows you to back up and roll back access control policies that are created for the Internet firewall, NAT firewalls, and virtual private cloud (VPC) firewalls. You can back up access control policies at a specific point in time. This allows you to quickly roll back the access control policies to the point in time.
Limits
You can back up and roll back access control policies in Cloud Firewall Ultimate Edition or Enterprise Edition, but not in Cloud Firewall Premium Edition.
You must back up or roll back all access control policies that are created for the Internet firewall, NAT firewalls, and VPC firewalls at a time. You cannot back up or roll back only access control policies that are created for the Internet firewall or NAT firewalls. After you perform a rollback operation, access control policies that are created for the Internet firewall and NAT firewalls are rolled back to the point in time when you backed up the policies.
Each Alibaba Cloud account can have up to 12 policy backups.
If your Alibaba Cloud account has 12 policy backups, you must delete a policy backup before you can create another policy backup.
Back up access control policies
You can roll back access control policies only after you backed up the policies.
Log on to the Cloud Firewall console.
In the left-side navigation pane, choose .
On the Toolbox page, click View Backup.
On the Policy Backup and Rollback page, click Create Backup.
In the Create Backup Policy dialog box, enter the description of the policy backup and click OK.
Parameter
Description
Backup Time
The time at which you want to create the policy backup.
Policies
The number of inbound and outbound access control policies that are created for the Internet firewall and the access control policies that are created for VPC firewalls. The policies are created within the current Alibaba Cloud account.
Description
The description of the policy backup that you want to create.
NoteYou can enter up to 256 characters. You can determine which policy backup to use for rollback based on the description and backup time. Enter an informative description to easily identify the policy backup.
You can view the information about the new policy backup on the Policy Backup and Rollback page.
Roll back access control policies
After you perform a rollback operation, the current access control policies are replaced. To ensure that access control policies work as expected, we recommend that you perform the following steps:
You can roll back access control policies to the point in time when you backed up the policies.
Log on to the Cloud Firewall console.
In the left-side navigation pane, choose .
On the Toolbox page, click View Backup.
On the Policy Backup and Rollback page, find the policy backup that you want to use for the rollback operation and click Use Backup in the Actions column.
In the Are you sure that you want to roll back the backup? message, click OK.
NoteThe access control policies are rolled back within seconds.
If a large number of access control policies exist within your Alibaba Cloud account or a large number of users are performing a rollback operation at the same time, a timeout error can occur. If a timeout error occurs, the system displays a message instructing you to address the issue.
If the rollback fails, the access control policies remain unchanged.
Delete a policy backup
To delete a policy backup, go to the Policy Backup and Rollback page, find the policy backup that you want to delete, and then click Delete Backup in the Actions column.
After you delete a policy backup, you cannot restore the access control policies that are included in the backup. Proceed with caution.