Overview
Service Overview
FPMS (Firewall Policy Management System) is an automated firewall operation service designed to efficiently and securely manage firewalls across various cloud environments. It automates all processes that operators currently perform manually, eliminating human errors and failures, and reducing users’ service lead time.
Features
- Failure Prevention: Prevents the human errors that can occur when firewall policies are registered manually. FPMS verifies that the IP and port information in a request conforms to the proper syntax and structure and converts it to correct data, proactively preventing failures.
- Operational Convenience Improvement: It automates the application of firewall policies and provides a function that replicates a requested policy to another firewall for redundancy. By leveraging the firewall policy expiration feature offered by FPMS, policies can be limited to a specific period, and features such as automatic deletion of disabled policies help reduce the workload of operational personnel.
- Firewall Policy Optimization: Applies an optimization algorithm to each requested firewall policy. Checking for duplicate or permanent policies also prevents unnecessary rules from being applied.
- Continuous Security Enhancement: Analyzes excessively open policies and expired or unmanaged policies and quantifies diagnostic scores by category, so that vulnerability status is easy to identify. The vulnerability remediation guide supports continuous strengthening of security.
Service Architecture Diagram
Provided features
FPMS provides the following features.
- Policy Management
  - Policy change history management and real-time monitoring
  - Policy search and policy expiration management
- Automatic Policy Registration
  - Application data consistency check and automatic conversion
  - Network operation/security standard inspection and conversion
  - Automatic rule creation and application based on firewall vendor characteristics
- Policy Optimization
  - Remove duplicate policy address/port/protocol
  - Policy pattern analysis optimization
  - Unused/Expired/Duplicate Policy Analysis
- Policy Security Analysis
  - Provide security index results for each firewall policy
  - Report risk status after similarity analysis of application information and policy
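The consistency check with automatic conversion, the duplicate check and the analysis of excessively open, permanent and expired policies listed above can be shown together in Python. This is an added example, not FPMS code: the request fields (`src`, `dst`, `proto`, `port`, `expires`), the finding names and the thresholds for an excessively open rule are assumptions, and the sample requests are constructed.

```python
import ipaddress
from datetime import date

def parse_ports(spec):
    """Parse '443', '8000-8080' or 'any' into an inclusive (low, high) pair."""
    spec = spec.strip().lower()
    low, sep, high = ("1-65535" if spec == "any" else spec).partition("-")
    low, high = int(low), int(high) if sep else int(low)
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"invalid port range: {spec!r}")
    return (low, high)

def normalize(req):
    """Validate one request; a host with a mask (10.0.0.5/24) becomes its network."""
    proto = req["proto"].strip().lower()
    if proto not in ("tcp", "udp"):
        raise ValueError(f"unsupported protocol: {proto!r}")
    src, dst = (ipaddress.ip_network(req[k].strip(), strict=False) for k in ("src", "dst"))
    expires = date.fromisoformat(req["expires"]) if req.get("expires") else None
    return (src, dst, proto, parse_ports(req["port"])), expires

def review(requests, today):
    """Return (accepted rules, findings); a finding is (request index, kind, detail)."""
    accepted, findings = {}, []
    for i, req in enumerate(requests):
        try:
            rule, expires = normalize(req)
        except (KeyError, ValueError) as exc:
            findings.append((i, "rejected", str(exc)))
            continue
        if rule in accepted:
            findings.append((i, "duplicate", f"same as request {accepted[rule]}"))
            continue
        accepted[rule] = i
        src, (low, high) = rule[0], rule[3]
        if src.prefixlen == 0 or high - low + 1 > 1024:  # assumed thresholds
            findings.append((i, "excessive-open", f"{src} ports {low}-{high}"))
        if expires is None:
            findings.append((i, "permanent", "no expiration date"))
        elif expires < today:
            findings.append((i, "expired", expires.isoformat()))
    return list(accepted), findings

SAMPLE = [  # constructed requests, not FPMS data
    {"src": "10.0.0.5/24", "dst": "192.168.1.10", "proto": "TCP", "port": "443", "expires": "2030-01-01"},
    {"src": "10.0.0.0/24", "dst": "192.168.1.10/32", "proto": "tcp", "port": "443-443", "expires": "2030-01-01"},
    {"src": "0.0.0.0/0", "dst": "192.168.1.20", "proto": "tcp", "port": "any"},
    {"src": "10.0.1.300", "dst": "192.168.1.20", "proto": "tcp", "port": "22", "expires": "2030-01-01"},
    {"src": "10.0.2.0/24", "dst": "192.168.1.30", "proto": "udp", "port": "53", "expires": "2020-01-01"},
]
```

Calling `review(SAMPLE, date(2025, 1, 1))` accepts three rules and reports the second request as a duplicate of the first, because both normalize to the same source network, destination, protocol and port range.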
Component
Firewall
FPMS can register and manage firewalls that are currently in operation.
- Before registering a firewall, you need to confirm that it is compatible (check manufacturer, model name, OS version).
- FPMS uses the API to connect to firewall devices to insert policies or retrieve information. To do this, firewall operators must create an integration account on the firewall device and configure the API or verify information so that access is possible.
Firewall Application System
To retrieve firewall application data, FPMS must be integrated with the application system.
Constraints
The constraints of the FPMS service are as follows. Please be sure to review the constraints below before use and incorporate them into your service usage plan.
- Separate infrastructure must be prepared for the installation and service provision of FPMS.
- A VM for web/app services and a DBMS configuration for data storage are required.
Provision status by region
FPMS is available in the following environments.
| Region | Provision status |
|---|---|
| Korea West (kr-west1) | Provided |
| Korea East (kr-east1) | Provided |
| South Korea South 1 (kr-south1) | Not provided |
| South Korea South 2 (kr-south2) | Not provided |
| South Korea South 3 (kr-south3) | Not provided |
Prerequisite Services
FPMS has no prerequisite services.
