Subscription is a billing method that requires you to pay for resources before you can use the resources. The subscription method allows you to reserve resources and purchase resources at discounted rates. This topic describes the billing rules of the subscription billing method.
Features and billable items of each edition
In the following table, ticks (
) indicate that the feature is supported, and crosses (
) indicate that the feature is not supported.
Feature or billable item | Premium Edition | Enterprise Edition | Ultimate Edition | Description |
Basic price | USD 420 per month. | USD 1,450 per month. | USD 3,900 per month. | The basic price covers only the default specifications. Additional quotas or value-added items are not covered. |
Subscription duration | Monthly subscription supported. Valid values: 1 Month, 3 Months, 6 Months, 1 Year, 2 Years, and 3 Years. | Monthly subscription supported. Valid values: 1 Month, 3 Months, 6 Months, 1 Year, 2 Years, and 3 Years. | Monthly subscription supported. Valid values: 1 Month, 3 Months, 6 Months, 1 Year, 2 Years, and 3 Years. | |
Protected Public IP Addresses (number of public IP addresses that can be protected) | The basic price covers 20 public IP addresses. Valid values for an additional quota: 20 to 1000. | The basic price covers 50 public IP addresses. Valid values for an additional quota: 50 to 1000. | The basic price covers 400 public IP addresses. Valid values for an additional quota: 400 to 1000. | Extra fee: USD 7 per month for each additional public IP address that you want to protect. |
Protected Internet Traffic (peak Internet bandwidth that can be protected) | The basic price covers 10 Mbit/s of bandwidth. Valid values for an additional quota: 10 to 2000. Unit: Mbit/s. | The basic price covers 50 Mbit/s of bandwidth. Valid values for an additional quota: 50 to 5000. Unit: Mbit/s. | The basic price covers 200 Mbit/s of bandwidth. Valid values for an additional quota: 200 to 15000. Unit: Mbit/s. | Extra fee: USD 7 per month for each increment of 1 Mbit/s of bandwidth. Note Metering metric: the peak outbound or inbound Internet traffic, whichever is greater. |
Quota for Additional Policies (number of access control policies that can be configured) | The basic price covers 4,000 access control policies for the Internet firewall. Valid values for an additional quota: 0 to 50000. | The basic price covers the following numbers of access control policies for each type of firewalls:
Valid values for an additional quota: 0 to 100000. Note
| The basic price covers the following numbers of access control policies for each type of firewalls:
Valid values for an additional quota: 0 to 200000. Note
| The quota that is occupied by a policy is calculated based on the number of minimum items in policies, such as the numbers of source CIDR blocks, source regions, destination CIDR blocks, and port ranges. The quota occupied by a policy is calculated based on the following formula: Quota occupied by a policy = Number of source addresses (number of CIDR blocks or regions) × Number of destination addresses (number of CIDR blocks, regions, or domain names) × Number of port ranges × Number of applications The extra fee varies based on the number of additional access control policies that you want to create.
|
Threat prevention by using the intrusion prevention system (IPS) and virtual patches | | | | Only Cloud Firewall Enterprise Edition and Ultimate Edition allow you to customize basic protection policies and virtual patching policies. |
IPS whitelist | | | | None. |
Visualization of security group traffic | | | | None. |
Synchronization of security group policies | | | | None. |
Isolation between VPCs | | | | None. |
Number of VPC Firewalls | | The basic price covers 2 VPC firewalls. Valid values for an additional quota: 2 to 200. | The basic price covers 5 VPC firewalls. Valid values for an additional quota: 5 to 500. | Extra fee: USD 300 per month for each additional VPC firewall. |
Protected VPC Traffic (peak cross-VPC bandwidth that can be protected) | | The basic price covers 200 Mbit/s of bandwidth. Valid values for an additional quota: 200 to 5000. Unit: Mbit/s. | The basic price covers 1,000 Mbit/s of bandwidth. Valid values for an additional quota: 1000 to 10000. Unit: Mbit/s. Note If the traffic between VPCs exceeds 10 Gbit/s, you must contact your business manager to apply for higher traffic processing capabilities one month in advance. | Extra fee: USD 7.5 for each increment of 50 Mbit/s of bandwidth. |
Managed Members (number of managed Alibaba Cloud accounts) Note This item is supported only when you set the Multi-account Management parameter to Yes. | The basic price does not cover this specification. Valid values for an additional quota: 1 to 20. | The basic price does not cover this specification. Valid values for an additional quota: 1 to 50. | The basic price does not cover this specification. Valid values for an additional quota: 1 to 1000. | Extra fee: If the number of additional managed accounts that you add is less than 10, you are charged USD 390 per account-month. If the number of additional managed accounts that you add is greater than or equal to 10, you are charged USD 310 per account-month. |
Log analysis | Provides 5-tuple logs. | Provides 5-tuple logs. | Provides 5-tuple logs. | By default, Cloud Firewall retains logs of the last seven days. If you want to store logs for more than seven days or to meet specific classified protection requirements, we recommend that you enable the log analysis feature. If you enable the log analysis feature, Cloud Firewall can retain logs for six months and allows you to export the logs. |
Log storage capacity |
| The basic price does not cover this specification. Valid values for log storage capacity: 1000 to 100000. Unit: GB. | The basic price does not cover this specification. Valid values for log storage capacity: 1000 to 100000. Unit: GB. | Extra fee: USD 80 per 1,000 GB. |
For more information about the traffic and cloud assets that can be protected by Cloud Firewall, see Protection scope.
Billing examples
An enterprise user has 60 public IP addresses and requires 60 Mbit/s of Internet bandwidth. If the user subscribes to Cloud Firewall Enterprise Edition for six months,
the total service fee is calculated by using the following formula: (USD 1,450 + Fee of extra 10 public IP addresses × USD 7 + Fee of extra 10 Mbit/s of bandwidth × USD 7) × 6.
Billing cycle
The billing cycle starts from the date you purchase Cloud Firewall and ends on the date Cloud Firewall expires.
Purchase Cloud Firewall by using the subscription billing method
Visit the Cloud Firewall buy page.
Set Billing Method to Subscription.
Configure the following parameters based on your business requirements.
Parameter
Description
Current Version
The edition of Cloud Firewall that you want to purchase. Valid values:
Premium Edition
Enterprise Edition
Ultimate Edition
The features provided by Cloud Firewall vary based on the edition. You can click an edition and view the features in the Features section. For more information, see Functions and features.
For more information about the pricing of each edition, see Subscription.
Protected Public IP Addresses
The number of public IP addresses that can be protected by the Internet firewall. Valid values:
Premium Edition: 20 to 1000
Enterprise Edition: 50 to 1000
Ultimate Edition: 400 to 1000
Protected Internet Traffic
The peak Internet traffic that can be protected by Cloud Firewall. Valid values:
Premium Edition: 10 to 2000 Mbit/s
Enterprise Edition: 50 to 5000 Mbit/s
Ultimate Edition: 200 to 15000 Mbit/s
NoteWe recommend that you set this parameter to the Internet bandwidth of your business.
If the specification does not meet your business requirements, contact your business manager to apply for a bandwidth increase.
Protected VPCs
The number of VPCs that can be protected by Cloud Firewall. You can configure this parameter only if you select Enterprise Edition or Ultimate Edition for Current Version. Valid values:
Enterprise Edition: 2 to 100
Ultimate Edition: 5 to 200
Protected VPC Traffic
The maximum traffic that can be protected between VPCs. You can configure this parameter only if you select Enterprise Edition or Ultimate Edition for Current Version. Valid values:
Enterprise Edition: 200 to 5000 Mbit/s
If the specifications of Cloud Firewall cannot meet your business requirements, increase the value of Protected VPC Traffic. The maximum value of Protected VPC Traffic is 5 Gbit/s.
Ultimate Edition: 1000 to 10000 Mbit/s
If the specifications of Cloud Firewall cannot meet your business requirements, increase the value of Protected VPC Traffic. The maximum value of Protected VPC Traffic is 10 Gbit/s.
If the traffic between VPCs exceeds 10 Gbit/s, you must contact your business manager to apply for higher traffic processing capabilities one month in advance.
Quota for Additional Policy
The quota for additional access control policies. Valid values:
Premium Edition: 0 to 50000
Enterprise Edition: 0 to 100000
Ultimate Edition: 0 to 200000
Multi-account Management
Specifies whether to enable the multi-account management feature.
If you have multiple Alibaba Cloud accounts in your enterprise and you want to manage the accounts in a centralized manner, you can enable the multi-account management feature. To use Cloud Firewall to protect assets across multiple accounts, purchase Cloud Firewall for your account and add other accounts to Cloud Firewall as members. You do not need to purchase Cloud Firewall for other accounts.
Managed Members
The number of Alibaba Cloud accounts that can be added as members. For more information about the number supported by each edition, see Features and billable items of each edition.
Log Analysis
Specifies whether to enable the log analysis feature.
By default, Cloud Firewall retains logs of the last seven days. If you want to store logs for more than seven days or to meet specific classified protection requirements, we recommend that you enable the log analysis feature.
The log analysis feature allows Cloud Firewall to store logs from 7 to 365 days, which meets classified protection requirements. For more information, see Log analysis.
Log Storage
The log storage capacity of the log analysis feature. Valid values: 1000 to 100000 GB.
If you select Yes for Log Analysis, you must configure this parameter.
NoteIf your Internet bandwidth is 10 Mbit/s and you want to store logs for six months, we recommend that you purchase 1,000 GB of storage capacity.
For more information about the billing methods of the log analysis feature, see Billing.
Duration
The subscription duration.
You can select or clear Auto-renewal based on your business requirements.
Click Buy Now and complete the payment.
After you complete the payment, you can view the Cloud Firewall edition and remaining validity period in the upper-right corner of the Overview page.