CFW Instances Have Protection Policies Attached
Rule Details
|
Parameter |
Description |
|---|---|
|
Rule Name |
cfw-policy-not-empty |
|
Identifier |
CFW Instances Have Protection Policies Attached |
|
Description |
If a CFW instance does not have a protection policy attached, this instance is non-compliant. |
|
Tag |
cfw |
|
Trigger Type |
Configuration change |
|
Filter Type |
cfw.cfw_instance |
|
Rule Parameters |
None |
Application Scenarios
After protection is enabled, CFW allows all traffic by default. You need to configure appropriate access control policies to manage and control traffic between internal servers and the Internet, prevent internal threats from spreading, and increase the depth of security strategies. For details, see Configuring Protection Rules to Block or Allow Internet Border Traffic. You can configure protection rules in the following scenarios:
- Protect the traffic of public network assets at the Internet border.
- Protect the traffic of private network assets at the Internet border.
- Protect the access traffic between VPCs, or between a VPC and an IDC.
Solution
Configure protection rules for your CFW instances.
Rule Logic
- If protection rules are configured for a CFW instance, this instance is compliant.
- If no protection rules are configured for a CFW instance, this policy is non-compliant.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
