What Is Firewall Manager?
Firewall Manager (FWM) is a security policy management product. It supports centralized management of security policies across multiple accounts, products, and regions, ensuring consistent and efficient enforcement of policies across the entire network. The product supports intelligent analysis to identify rule redundancy, conflicts, and invalid configurations, and provides optimization suggestions, effectively improving rule quality and management efficiency.
Advantages of Firewall Manager
1. Full-stack rule management
It supports unified management and automated deployment of rules across regions, accounts, and products. This enables centralized control of all policies, ensures Ops consistency, and reduces management costs in complex environments.
2. Intelligent rule analysis
It accurately identifies redundant, conflicting, or invalid policies, provides optimization suggestions, and enhances protection efficiency and resource utilization.
Rules for Which Products Can Be Managed by Firewall Manager
Firewall Manager currently supports the management of Enterprise Security Group and VPC security group rules. The current edition of Enterprise Security Group supports the following asset types: VPC, Subnet, CVM, ENI, CLB, TDSQL, TDSQL-C, MySQL, MariaDB, SQL Server, PostgreSQL, Redis, MongoDB, and Lighthouse.
What Is an Enterprise Security Group?
Enterprise Security Group uses a visual rule configuration based on a four-tuple (source + destination + destination port + protocol). It automatically distributes and deploys security group policies by leveraging an intelligent conversion algorithm, effectively simplifying the configuration process and reducing Ops costs.
Advantages of Enterprise Security Groups
1. When a rule is configured, one inbound rule and one outbound rule are automatically generated.
2. The concepts of inbound and outbound rule directions are eliminated. You only need to define the access source and destination to complete rule configuration.
3. The regional restriction is removed. All rules are displayed on a single page, making Ops management more convenient.
4. Options such as IP/CIDR and region have been added to the configuration items. These options are displayed in a symmetrical arrangement and can be combined arbitrarily.
5. When an IP address is configured for a new access source or destination, the corresponding instance is automatically matched.
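The following is an added illustration, not Firewall Manager's own code or algorithm: it shows how one four-tuple rule can expand into an inbound and an outbound rule, and how redundant or conflicting rules can be flagged. The `action` field, the first-match rule ordering, the dictionary field names, and the definitions of "redundant" and "conflict" used here are assumptions, and the sample policy is constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:
    # Four-tuple from the page; the action field is an assumption.
    src: str
    dst: str
    port: int
    proto: str
    action: str = "allow"

def expand(rule):
    """One four-tuple becomes an inbound rule at the destination
    and an outbound rule at the source (field names are hypothetical)."""
    base = {"port": rule.port, "proto": rule.proto, "action": rule.action}
    inbound = {"attach_to": rule.dst, "direction": "inbound", "peer": rule.src, **base}
    outbound = {"attach_to": rule.src, "direction": "outbound", "peer": rule.dst, **base}
    return inbound, outbound

def covers(a, b):
    """True if rule a matches every flow that rule b matches."""
    return (a.proto == b.proto and a.port == b.port
            and ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst)))

def analyze(rules):
    """Assuming first-match order, flag each later rule that an earlier rule
    fully covers: same action is redundant, opposite action is a conflict."""
    findings = []
    for i, later in enumerate(rules):
        for j, earlier in enumerate(rules[:i]):
            if covers(earlier, later):
                kind = "redundant" if earlier.action == later.action else "conflict"
                findings.append((kind, j, i))
                break
    return findings

# Constructed sample policy (not taken from any real environment).
RULES = [
    Rule("10.0.0.0/16", "10.1.2.0/24", 3306, "tcp"),
    Rule("10.0.5.0/24", "10.1.2.10/32", 3306, "tcp"),         # covered, same action
    Rule("10.0.9.0/24", "10.1.2.0/24", 3306, "tcp", "deny"),  # covered, opposite action
    Rule("10.0.0.0/16", "10.1.2.0/24", 6379, "tcp"),          # different port, kept
]

if __name__ == "__main__":
    print(expand(RULES[0]))
    print(analyze(RULES))
```

A rule flagged as a conflict here never takes effect, because the broader earlier rule decides the flow first; this is the kind of finding a reviewer would either delete or move above the covering rule.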