All Products
Search
Document Center

Cloud Firewall:Subscription

Last Updated:Feb 20, 2024

Subscription is a billing method that requires you to pay for resources before you can use the resources. The subscription billing method allows you to reserve resources and purchase resources at discounted rates. This topic describes the billing rules of the subscription billing method.

Billable items

Note
  • In the following table, a tick (对) indicates that the feature is supported, and a cross (×) indicates that the feature is not supported.

  • For more information about the traffic and cloud assets that can be protected by Cloud Firewall, see Protection scope. The following rules are based on the total traffic or cloud assets of the current account and its member accounts.

Feature or billable item

Premium Edition

Enterprise Edition

Ultimate Edition

Description

Basic price

USD 420 per month.

USD 1,450 per month.

USD 3,900 per month.

The basic price covers only the default specifications. Additional quotas or value-added items are not covered.

Subscription duration

Valid values: 1 Month, 3 Months, 6 Months, 1 Year, 2 Years, and 3 Years.

None.

Protected Public IP Addresses

The basic price covers 20 public IP addresses. Valid values: 20 to 1000.

The basic price covers 50 public IP addresses. Valid values: 50 to 1000.

The basic price covers 400 public IP addresses. Valid values: 400 to 1000.

The number of public IP addresses that can be protected by the Internet firewall. Extra fee: USD 7 per month for each additional public IP address that you want to protect.

Protected Internet Traffic

The basic price covers 10 Mbit/s of bandwidth. Valid values: 10 to 5000. Unit: Mbit/s.

The basic price covers 50 Mbit/s of bandwidth. Valid values: 50 to 5000. Unit: Mbit/s.

The basic price covers 200 Mbit/s of bandwidth. Valid values: 200 to 15000. Unit: Mbit/s.

The peak Internet traffic that can be protected. Metering metric: the peak outbound or inbound Internet traffic, whichever is greater.

Extra fee: USD 7 per month for each 1 Mbit/s of additional bandwidth.

Number of supported virtual private cloud (VPC) firewalls

错

The basic price covers 2 VPC firewalls. Valid values: 2 to 100.

The basic price covers 5 VPC firewalls. Valid values: 5 to 200.

The number of VPC firewalls that can be created. Extra fee: USD 300 per month for each additional VPC firewall.

Protected VPC Traffic

错

The basic price covers 200 Mbit/s of bandwidth. Valid values: 200 to 5000. Unit: Mbit/s.

The basic price covers 1,000 Mbit/s of bandwidth. Valid values: 1000 to 10000. Unit: Mbit/s.

The peak cross-VPC traffic that can be protected.

Extra fee: USD 7.5 for each 50 Mbit/s of additional bandwidth.

NAT Firewalls

The basic price does not cover this specification. Valid values: 1 to 20.

The basic price covers 1 NAT firewall. Valid values: 1 to 100.

The basic price covers 2 NAT firewalls. Valid values: 2 to 1000.

The number of NAT firewalls that can be created. You can create a NAT firewall for a NAT gateway.

Extra fee: USD 32 per month for each additional NAT firewall.

Protected Private Network Traffic of NAT Gateway

The basic price does not cover this specification. Valid values: 5 to 1000. Unit: Mbit/s.

The basic price covers 10 Mbit/s of bandwidth. Valid values: 10 to 5000. Unit: Mbit/s.

The basic price covers 20 Mbit/s of bandwidth. Valid values: 20 to 10000. Unit: Mbit/s.

The total peak traffic from the protected internal-facing assets to the Internet. Extra fee:

  • Additional bandwidth < 200 Mbit/s: USD 5.5 per month for each 1 Mbit/s of additional bandwidth.

  • 200 Mbit/s ≤ Additional bandwidth < 1,000 Mbit/s: USD 3.2 per month for each 1 Mbit/s of additional bandwidth.

  • Additional bandwidth ≥ 1,000 Mbit/s: USD 2.4 per month for each 1 Mbit/s of additional bandwidth.

Quota for Additional Policy

The basic price covers 4,000 access control policies for the Internet firewall.

Valid values for an additional quota: 0 to 50000.

The basic price covers the following number of access control policies for each type of firewall:

  • Internet firewall: 10,000

  • NAT firewall: 10,000

  • VPC firewall: 10,000

Valid values for an additional quota: 0 to 100000.

The basic price covers the following number of access control policies for each type of firewall:

  • Internet firewall: 20,000

  • NAT firewall: 20,000

  • VPC firewall: 20,000

Valid values for an additional quota: 0 to 200000.

The additional quota on access control policies is applicable to access control policies for the Internet firewall, NAT firewalls, and VPC firewalls. Extra fee:

  • Tier 1: If the number of additional access control policies that you want to create ranges from 0 to 10,000, the extra fee is USD 0.02 per month for each additional access control policy in this tier.

  • Tier 2: If the number of additional access control policies that you want to create ranges from 10,000 to 50,000, the extra fee is USD 0.015 per month for each additional access control policy in this tier.

  • Tier 3: If the number of additional access control policies that you want to create is greater than 50,000, the extra fee is USD 0.01 per month for each additional access control policy in this tier.

Note

For more information about how to calculate the quota that is consumed by an access control policy, see Quota consumed by access control policies.

Managed Members

The basic price covers one account. Valid values: 1 to 20.

The basic price covers one account. Valid values: 1 to 50.

The basic price covers one account. Valid values: 1 to 1000.

This item is supported only when you set the Multi-account Management parameter to Yes. Extra fee:

  • If the number of additional accounts that you add to multi-account management is less than or equal to 10, you are charged USD 390 per account-month.

  • If the number of additional accounts that you add to multi-account management is greater than 10, you are charged USD 310 per account-month.

Storage capacity for log analysis

The basic price does not cover this specification. Valid values: 1000 to 100000. Unit: GB.

The basic price does not cover this specification. Valid values: 1000 to 100000. Unit: GB.

The basic price does not cover this specification. Valid values: 1000 to 100000. Unit: GB.

By default, Cloud Firewall stores audit logs for seven days, including event logs, traffic logs, and operation logs. If you want to store the logs for a longer period of time or meet classified protection requirements, we recommend that you enable the log analysis feature.

Extra fee: USD 80 per 1,000 GB-month.

Billing examples

An enterprise user has 60 public IP addresses and requires 60 Mbit/s of Internet bandwidth. The user subscribes to Cloud Firewall Enterprise Edition for six months.

The total service fee is calculated by using the following formula: (USD 1,450 + Fee for extra 10 public IP addresses × USD 7 + Fee for extra 10 Mbit/s of bandwidth × USD 7) × 6.

Billing cycle

The billing cycle starts from the purchase date of Cloud Firewall and ends on the expiration date of Cloud Firewall.

Purchase Cloud Firewall by using the subscription billing method

  1. Go to the Cloud Firewall buy page. Set Product Type to Subscription.

  2. Configure the following parameters, click Buy Now, and then complete the payment.

    Parameter

    Description

    Current Version

    The edition of Cloud Firewall that you want to purchase.

    After you select an edition, you can view the features provided by the edition in the Features section.

    Protected Public IP Addresses

    The number of public IP addresses that can be protected by the Internet firewall.

    • Premium Edition: The basic price covers 20 public IP addresses. Valid values for an additional quota: 20 to 1000.

    • Enterprise Edition: The basic price covers 50 public IP addresses. Valid values for an additional quota: 50 to 1000.

    • Ultimate Edition: The base price covers 400 public IP addresses. Valid values for an additional quota: 400 to 1000.

    Protected Internet Traffic

    The peak Internet traffic that can be protected by Cloud Firewall. The metering metric is the peak outbound or inbound Internet traffic, whichever is greater. We recommend that you set this parameter to the Internet bandwidth of your business.

    • Premium Edition: The basic price covers 10 Mbit/s of bandwidth. Valid values for an additional quota: 10 to 2000. Unit: Mbit/s.

    • Enterprise Edition: The basic price covers 50 Mbit/s of bandwidth. Valid values for an additional quota: 50 to 5000. Unit: Mbit/s.

    • Ultimate Edition: The basic price covers 200 Mbit/s of bandwidth. Valid values for an additional quota: 200 to 15000. Unit: Mbit/s.

    If the specification does not meet your business requirements, contact your account manager to apply for a bandwidth increase.

    Number of VPC Firewalls

    The number of VPCs that can be protected by Cloud Firewall. You can configure this parameter only if you select Enterprise Edition or Ultimate Edition for the Current Version parameter.

    • Enterprise Edition: The basic price covers 2 VPC firewalls. Valid values for an additional quota: 2 to 100.

    • Ultimate Edition: The basic price covers 5 VPC firewalls. Valid values for an additional quota: 5 to 200.

    Protected VPC Traffic

    The peak cross-VPC traffic that can be protected. You can configure this parameter only if you select Enterprise Edition or Ultimate Edition for the Current Version parameter.

    • Enterprise Edition: The basic price covers 200 Mbit/s of bandwidth. Valid values for an additional quota: 200 to 5000. Unit: Mbit/s.

    • Ultimate Edition: The basic price covers 1,000 Mbit/s of bandwidth. Valid values for an additional quota: 1000 to 10000. Unit: Mbit/s.

      Note

      If cross-VPC traffic exceeds 10 Gbit/s, you must contact your account manager to apply for higher traffic processing capabilities one month in advance.

    NAT Firewalls

    The number of NAT firewalls that you can create.

    • Premium Edition: The basic price does not cover this specification. Valid values for an additional quota: 1 to 20.

    • Enterprise Edition: The basic price covers 1 NAT firewall. Valid values for an additional quota: 1 to 100.

    • Ultimate Edition: The basic price covers 2 NAT firewalls. Valid values for an additional quota: 2 to 1000.

    Protected Private Network Traffic of NAT Gateway

    The peak traffic that can be protected by a NAT firewall in Cloud Firewall. The peak traffic can be specified in increments of 5 Mbit/s.

    • Premium Edition: The basic price does not cover this specification. Valid values for an additional quota: 5 to 1000. Unit: Mbit/s.

    • Enterprise Edition: The basic price covers 10 Mbit/s of bandwidth. Valid values for an additional quota: 10 to 5000. Unit: Mbit/s.

    • Ultimate Edition: The basic price covers 20 Mbit/s of bandwidth. Valid values for an additional quota: 20 to 10000. Unit: Mbit/s.

    Quota for Additional Policy

    The quota for access control policies. If the quota for access control policies of your Cloud Firewall is exhausted, you can increase the value of the Quota for Additional Policy parameter to purchase the quota for access control policies.

    • Premium Edition: 0 to 50000

    • Enterprise Edition: 0 to 100000

    • Ultimate Edition: 0 to 200000

    Multi-account Management

    If you have multiple Alibaba Cloud accounts in your enterprise and you want to manage the accounts in a centralized manner, you can enable the multi-account management feature. To use Cloud Firewall to protect assets across multiple accounts, purchase Cloud Firewall for your account and add other accounts to Cloud Firewall as members. You do not need to purchase Cloud Firewall for other accounts.

    If you set the Multi-account Management parameter to Yes, you must configure the Managed Members parameter.

    • Premium Edition: The basic price covers one account. Valid values: 1 to 20.

    • Enterprise Edition: The basic price covers one account. Valid values: 1 to 50.

    • Ultimate Edition: The basic price covers one account. Valid values: 1 to 1000.

    Managed Members

    Log Analysis

    Specifies whether to enable the log analysis feature.

    By default, Cloud Firewall stores audit logs for seven days. If you want to store audit logs for a longer period of time, meet classified protection requirements, or export audit logs, we recommend that you enable the log analysis feature. The log analysis feature allows Cloud Firewall to store logs from 7 to 730 days.

    If your Internet bandwidth is 10 Mbit/s and you want to store logs for six months, we recommend that you purchase 1,000 GB of storage capacity.

    Note

    For more information, see Overview and Billing.

    Log Storage

    Duration

    The subscription duration. You can select or clear Auto-renewal based on your business requirements.

    Note

    The auto-renewal cycle is based on the subscription duration. If you purchase a monthly or yearly subscription, Cloud Firewall is renewed on a monthly or yearly basis. For example, if you select 6 Months for Duration and select Auto-renewal, Cloud Firewall is automatically renewed for one month after expiration.

References