Dear Tencent Cloud user,
In order to provide you with a more refined, stable, and high-quality Cloud Firewall (CFW) service, an edge serial firewall will be added to CFW, which is scheduled for a gradual regional roll out starting from November 2023. Upon the release of the Internet edge serial firewall, we will simultaneously have two different forms of north-south protection capabilities: Internet edge serial firewall and NAT edge firewall.
To facilitate your own bandwidth allocation and consider the overlap of north-south protection features, we will make adjustments to CFW's billing mode from 00:00 (GMT+8:00) on December 11, 2023. The specific product upgrades and billing mode adjustments are as follows:
New Billing Specifications
|
Billing mode | Monthly and yearly subscription | Monthly and yearly subscription | Monthly and yearly subscription | Not supported |
Basic price | 420 USD/month | 1,450 USD/month | 3,900 USD/month | Not supported |
Available purchase duration | 6 months, 1 year, 2 years, 3 years, 5 years | 1 month, 3 months, 6 months, 1 year, 2 years, 3 years, 5 years | Not supported | Not supported |
Discount | 6 months or less purchase: standard price 1-year purchase: 15% discount 2-year purchase: 30% discount 3-year purchase or more: 50% discount |
|
| Not supported |
North-south protection bandwidth: can be allocated to Internet edge serial firewalls and NAT edge firewalls | Default value: 20 Mbps Maximum value: 200 Mbps | Default value: 100 Mbps Maximum value: 1 Gbps | Default value: 300 Mbps Maximum value: 30 Gbps | Expanded bandwidth: 16 USD/Mbps/month |
Number of public IP addresses | 10 addresses | 50 addresses | 200 addresses | For each 1 Mbps of expanded north-south bandwidth, the supported number of public IP addresses increases by 1. |
General instance quota: can be used to create Internet edge firewall instances, NAT edge firewall instances, and inter-VPC firewall instances | 1 instance | 2 instances | 3 instances | Supports expansion, at a price of 430 USD/instance/month. |
Internet access control | 1,000 L4/L7 outbound rules and 1,000 L4/L7 inbound rules | 2,000 L4/L7 outbound rules and 2,000 L4/L7 inbound rules | 5,000 L4/L7 outbound rules and 5,000 L4/L7 inbound rules | Not supported |
Regional blocking for Internet access control | Not supported | Supported | Supported | Not supported |
Inter-VPC firewall bandwidth | Not Supported | Default value: 200 Mbps | Default value: 1 Gbps | Expansion of inter-VPC firewall to 10 Mbps: 12 USD/month Expansion of inter-VPC firewall to 1 Gbps: 749 USD/month Firewall instances at or below 1 Gbps are lightweight instances and do not include intrusion prevention features. |
Network honeypot | Supported, requiring purchase of quota | Supported, requiring purchase of quota | Supported, requiring purchase of quota | 99 USD/honeypot/month, with 1 probe quota included. |
Log analysis (analysis and 6-month storage): Up to 50 GB of logs are stored for 7 days by default. Note: The actual storage duration is subject to your configuration in the console. | With the purchase of log analysis, you receive a free capacity of 1000 GB, which can be expanded to up to 100,000 GB. | With the purchase of log analysis, you receive a free capacity of 1000 GB, which can be expanded to up to 100,000 GB (supports enterprise security group logs). Offering begins from 3000 GB, with an accompanying complimentary log analysis quota. | With the purchase of log analysis, you receive a free capacity of 1000 GB, which can be expanded to up to 100,000 GB (supports enterprise security group logs). Offering begins from 5000 GB, inclusive of a complimentary log analysis quota. | Elastic scaling: 0.13 USD/GB/month; the storage period is identical to the subscription period. Pay-as-you-go: For the portion between 1000 GB and 6120 GB, the cost is 0.006 USD/GB/day; for the portion exceeding 6120 GB, the cost is 0.004 USD/GB/day. |
Traffic visualization | Supported | Supported | Supported | Not supported |
Intrusion prevention service (IPS) (intelligent intrusion blocking) | Supported | Supported | Supported | Not supported |
Blocked list | 4,000 entries | 10,000 entries | 20,000 entries | Blocked list capacity expansion: 0.2 USD/entry/month |
Integrated threat intelligence (automatic blocking of malicious outbound connections) | Supported | Supported | Supported | Not supported |
Enterprise security group | Supported for a limited time | Supported | Supported | Not supported |
Security baseline | Not supported | Not supported | Supported | Not supported |
Comparison Between the New and Old Billing Modes
1. The original Internet edge firewall bandwidth is upgraded to the north-south protection bandwidth. With each purchase of 1 Mbps north-south protection bandwidth, you will receive one free public IP address quota supported by the Internet edge firewall.
Note:
North-south protection bandwidth = Internet edge serial firewall bandwidth + NAT edge firewall bandwidth. You can allocate north-south bandwidth to any north-south firewall as required.
2. The original firewall instance quota is upgraded to the general instance quota; the Advanced, Enterprise, and Ultimate editions contain 1, 2, and 3 general scalable instance quotas, respectively.
Note:
The general instance quota can be used to create Internet edge serial firewall instances, NAT edge firewall instances, or inter-VPC firewall instances (only for the Enterprise edition and above).
3. The scaling of the original VPC firewall bandwidth requires purchasing the inter-VPC firewall feature. After this billing mode adjustment, users of the Enterprise edition and above will get an additional gift of inter-VPC firewall bandwidth quota, with the Enterprise edition receiving a 200 Mbps quota and the Ultimate edition receiving a 1 Gbps quota.
Note:
Inter-VPC firewalls with specifications under 1 Gbps are lightweight firewalls and do not provide intrusion prevention. For more details, see Inter-VPC Firewall Toggle. Legacy User Discount Policies
If you have purchased a CFW product before the implementation of the new billing mode, as a token of our appreciation for your continuous support, we will upgrade the product specifications you have purchased and gift you with the following specifications after the new billing mode is implemented:
1. As of the date when the new billing mode takes effect, for the Internet edge firewall bandwidth you have purchased, we will offer you a free upgrade to the north-south protection bandwidth, allowing you to distribute your bandwidth to the Internet edge serial firewall or NAT edge firewall as required.
2. As of the date when the new billing mode takes effect, if the firewall instance quota you had before the billing mode takes effect exceeds the new package specifications and, subsequently, there is no downgrading behavior within the package's validity period, we will increase the general instance quota so that the quota is equal to the "sum of the current NAT edge firewall instance quota and the created VPC firewall instance quota" within the package's validity period.
Example:
On the day when the new billing mode takes effect, you are an Ultimate edition user with a quota for 5 NAT edge firewall instances, and you have already created 1 inter-VPC firewall instance. Although according to the new billing mode, you only have a quota of 3 general instances, we will automatically increase your quota to 6 general instances once the new billing mode takes effect. Please note that existing firewall instances will occupy the general instance quota. If you need to reallocate the general instance quota, you can terminate firewall instances in the console.
3. If you are an Enterprise edition or Ultimate edition user, once the new billing mode takes effect, we will automatically enable the inter-VPC firewall feature for you, and gift you additional inter-VPC firewall bandwidth quota included in the new package based on the inter-VPC firewall you have already purchased, if any.
4. If there is a downgrading behavior during the package's validity period, the gift specifications of the firewall instance quota will be canceled.
FAQs
For a legacy user, will the bandwidth originally purchased decrease after the billing mode adjustment?
No. We sincerely appreciate your trust and support. After the billing mode adjustment, the bandwidth quota you originally purchased will not decrease compared to that of the new billing mode; on the contrary, its usability will become more flexible, and you can distribute quota at will to the Internet edge serial firewall bandwidth or NAT edge firewall bandwidth.
For a legacy user, will the created NAT edge firewall be affected by the billing mode adjustment?
No. Following the billing mode adjustment, the original Internet edge bandwidth will be upgraded to the north-south protection bandwidth, and the NAT edge firewall that you have created will occupy the quota of the north-south protection bandwidth.
For a legacy user, will the purchased or created inter-VPC firewall be affected by the billing mode adjustment?
No. If you have previously purchased the inter-VPC firewall, the quota will still remain after the billing mode adjustment, and the inter-VPC firewall bandwidth quota that comes with the package will be provided in addition to the original quota. For example, if you are an Ultimate edition user and previously bought 1 Gbps of the inter-VPC firewall bandwidth, after the billing mode adjustment, you will have 2 Gbps of the inter-VPC firewall bandwidth.
After the new billing mode is launched, can I select the original billing plan?
From the effective date of the new billing mode, new CFW users will automatically adapt to the new billing plan and cannot choose the original billing plan. If you have purchased CFW before the new billing mode takes effect, we will automatically switch you to the new plan and you will enjoy the preferential policies for legacy users.
If you have any questions about the above information, feel free to submit a ticket to contact us. We appreciate your continued support for CFW.
Was this page helpful?