The page has been translated by Gen AI.

Overview

Service Overview

FPMS (Firewall Policy Management System) is a firewall operation automation service for operating firewalls efficiently and safely across various cloud environments. It automates all the processes that operators currently perform manually, which eliminates human errors and failures and reduces the user's service lead time.

Features

  • Failure Prevention: Prevents human errors that can occur when firewall policies are registered manually. It checks whether the IP, port, and other values in the application information conform to the expected grammar and structure, and converts them to correct data to prevent failures in advance.
  • Improved Operational Convenience: Automates firewall policy application and can replicate an applied policy to another firewall for a redundant configuration. The firewall policy expiration feature provided by FPMS allows a policy to be used only for a set period, and features such as automatic deletion of inactive policies reduce the operational burden on personnel.
  • Firewall Policy Optimization: Optimizes the applied firewall policies using optimization algorithms, and checks for duplicate or permanent policies to prevent unnecessary rules from being applied.
  • Continuous Security Enhancement: Analyzes and diagnoses excessively open policies and expired or unmanaged policies, and quantifies the results as scores by department so that the vulnerability status is easy to grasp. In addition, the vulnerability handling guide supports continuous security enhancement.

Service Composition Diagram

Figure. FPMS Configuration Diagram

Provided Features

FPMS provides the following functions.

  • Policy Management
    • Policy change history management and real-time monitoring
    • Policy search and policy expiration management
  • Policy Auto Registration
    • Application information consistency check and automatic conversion
    • Network operation/security standard inspection and conversion
    • Automatic creation/application of rules based on firewall vendor characteristics
  • Policy Optimization
    • Removal of duplicate policy addresses/ports/protocols
    • Policy pattern analysis optimization
    • Analysis of unused/expired/duplicate policies
  • Policy Security Analysis
    • Security index results for each firewall policy
    • Analysis of the similarity between application information and policy, with risks reported after analysis

Component

Firewall

FPMS can register and manage firewalls in operation.

  • Before registration, check whether FPMS can connect to the firewall. (Check the manufacturer, model name, and OS version.)
  • FPMS uses an API to access firewall devices, either to apply policies or to retrieve information. To enable this access, the firewall operator must create a linked account on the firewall device and configure the API settings or check the required information.

Firewall Application System

To retrieve the firewall application data, FPMS and the application system must be linked.

Constraints

The constraints of the FPMS service are as follows. Confirm them before use and reflect them in your service usage plan.

  • A separate infrastructure must be prepared for installing and providing the FPMS service.
  • VM and DBMS configuration for the Web/App services and data storage is required.

Regional Provision Status

FPMS is available in the following regions.

Region                                       Availability
Western Korea (kr-west1)                     Provided
Korea East (kr-east1)                        Provided
South Korea 1 (kr-south1)                    Not provided
South Korea, southern region 2 (kr-south2)   Not provided
South Korea southern region 3 (kr-south3)    Not provided
Table. FPMS Regional Provision Status

Prerequisite Services

FPMS has no prerequisite services.
