Checks whether Cloud Firewall contains no control policy that matches the conditions specified by the input parameters of this rule.

Scenarios

You can configure control policies based on the principle of least privilege in Cloud Firewall to reduce network exposure and protect cloud network security.

Risk level

Default risk level: high.

You can change the risk level as required when you apply this rule.

Compliance evaluation logic

  • If Cloud Firewall contains no control policy that matches the conditions specified by the input parameters of this rule, the evaluation result is compliant.
  • If Cloud Firewall contains a control policy that matches the conditions specified by the input parameters of this rule, the evaluation result is non-compliant. For more information about how to correct the non-compliant configuration, see Non-compliance remediation.
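The evaluation logic above, sketched as an added example (this is not Alibaba Cloud's implementation of the rule). It assumes that a policy matches when every input parameter that is set equals the policy's corresponding field, and that unset parameters match anything. The policy records, their "id" field, and the helper names are constructed for illustration.

```python
# Added example: not Alibaba Cloud's implementation of the rule.
# Assumed semantics: a policy matches when every rule parameter that is set
# equals the policy's field (case-insensitive); unset parameters match anything.

PARAMS = ("aclAction", "destination", "direction", "proto", "source")


def policy_matches(policy, rule_params):
    """Return True if the policy equals every parameter the rule specifies."""
    for name in PARAMS:
        wanted = rule_params.get(name)
        if wanted is None or wanted == "":
            continue  # parameter not set: treated as a wildcard (assumption)
        actual = policy.get(name)
        if actual is None or str(actual).strip().lower() != str(wanted).strip().lower():
            return False
    return True


def evaluate(policies, rule_params):
    """Compliant only when no policy matches; also return the offenders."""
    if not any(rule_params.get(n) for n in PARAMS):
        # With nothing set, every policy would match and the result is meaningless.
        raise ValueError("at least one input parameter must be set")
    matched = [p for p in policies if policy_matches(p, rule_params)]
    return ("NON_COMPLIANT" if matched else "COMPLIANT"), matched


# Constructed sample policies (field names mirror the rule's input parameters).
SAMPLE_POLICIES = [
    {"id": "p-1", "aclAction": "accept", "source": "0.0.0.0/0",
     "destination": "0.0.0.0/0", "proto": "ANY", "direction": "in"},
    {"id": "p-2", "aclAction": "accept", "source": "203.0.113.0/24",
     "destination": "10.0.1.10/32", "proto": "TCP", "direction": "in"},
    {"id": "p-3", "aclAction": "drop", "source": "0.0.0.0/0",
     "destination": "0.0.0.0/0", "proto": "ANY", "direction": "in"},
]

# Rule parameters that flag an inbound allow-all policy, which contradicts
# least privilege.
ALLOW_ALL_INBOUND = {"aclAction": "accept", "source": "0.0.0.0/0",
                     "destination": "0.0.0.0/0", "proto": "ANY", "direction": "in"}

if __name__ == "__main__":
    result, offenders = evaluate(SAMPLE_POLICIES, ALLOW_ALL_INBOUND)
    print(result, [p["id"] for p in offenders])
```

Listing the matched policies alongside the verdict gives the reviewer the exact entries to tighten or remove.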

Rule details

| Item | Description |
| --- | --- |
| Rule name | cloud-fire-wall-no-matched-control-policy |
| Rule ID | cloud-fire-wall-no-matched-control-policy |
| Tag | CloudFireWall and ControlPolicy |
| Automatic remediation | Not supported |
| Trigger type | Periodic execution |
| Time interval | 24 hours |
| Supported resource type | None |
| Input parameters | aclAction, destination, direction, proto, source |

Non-compliance remediation

Configure an access control policy in Cloud Firewall. For more information, see Create access control policies for outbound and inbound traffic on the Internet firewall.