What Is FWM
FWM (Firewall Manager) is a security policy management product. It supports centralized management of security policies across multiple accounts, products, and regions, ensuring the consistency and efficient enforcement of policies across the entire network. The product supports intelligent analysis to identify rule redundancy, conflicts, and invalid configurations, and provides optimization suggestions, effectively improving rule quality and management efficiency.
Product Functions
Overview
The Overview page is the core control panel of FWM. It centrally displays key information such as Rule Management, Policy Analysis, Manage Firewall and Specification Info. It also provides quick operation entry points in each module, facilitating rapid policy deployment, policy health checks, specification scaling and renewal, and other operations:
Rule Management: It aggregates and displays the counts of successfully deployed/pending deployment/pending update/failed deployment for CFW access control rules, as well as the number of rule groups. This helps users quickly grasp the overall status of the rules.
Policy Analysis: It aggregates and displays the policy health check status and risk remediation status across multiple accounts, and supports one-click remediation.
Manage: It displays the number of managed accounts and supports one-click navigation to multi-account member management.
Firewall Specification Info: It displays CFW specification information, which includes specifications for managed-only accounts and shared accounts. The specification information covers instances, log storage capacity, rule quota management, and bandwidth alarms within the last 24 hours.
Rule Management
Rule Management / Rule Group
It supports the management of CFW policies across multiple accounts, covering internet boundary rules, NAT boundary rules, VPC boundary rules, and enterprise security group access control policies. This enables centralized policy control, ensures Ops consistency, and reduces management costs in complex environments.
Policy Analysis
Policy analysis supports in-depth analysis of existing enterprise security groups and their rules. It displays key information such as risk categories, risk levels, and rule classifications. It accurately identifies redundant, conflicting, and invalid rule configurations, provides optimization recommendations, and effectively improves product performance.
Mult Account Management
Member Management
It supports the onboarding of multi-account members and the configuration of account groups, CFW management switches, and CFW sharing roles. It also supports administrators or delegated administrators logging into and accessing CFW on behalf of members.
Specification Management
It supports the display of CFW specification information for shared accounts and managed-only accounts. This information includes specification usage details for instances, rules, storage, and other resources, as well as traffic bandwidth statistics.
Log Management
FWM provides operation logs. It supports filtering by time and viewing account operation history, which enhances the work efficiency of enterprise and network security administrators and reduces management costs.