
Dec 14, 2020

Agile Configurations for Hillstone NGFW Policy Management


For many organizations, network resources must expand or contract rapidly to meet changing business requirements. The COVID-19 pandemic caused a massive shift to remote working, for example, but natural disasters, seasonal demands and other variations in workloads can necessitate similar modifications.

For network admins charged with maintaining security policies, these fluctuations in users and resources can greatly complicate policy management and enforcement, which are vital defenses against network misuse or attack. Onboarding of multiple new hires, for example, places a large workload on IT staff, but can introduce new attack vectors if not adequately secured.

The Need for Agile Configurations

In order to meet the changing needs of organizations as they expand or contract, or as business requirements fluctuate, IT managers need an agile, flexible means of applying, enforcing and maintaining strong security policies.

Ideally, this solution will allow IT staff to flexibly group or prioritize a hierarchy of policies. In addition, dynamic and automatic assignment of user policies from the moment of authentication will allow rapid onboarding while ensuring policy enforcement.

Hillstone’s latest StoneOS, version 5.5R8, includes more than a hundred new features and enhancements for E-Series and T-Series next-gen firewalls, X-Series next-gen data center firewalls, and CloudEdge next-gen virtual firewalls. Included among these features are agile, aggregate configuration capabilities to streamline both policy management and enforcement; flexible, dynamic user authorization; and more. A short technical demo is available.

For IT and security managers, the latest enhancements for Hillstone NGFWs offer new ways to easily respond to and manage fluctuations in staffing and network resources as needed.

Key New Features for Policy Configuration

  • Aggregate Policies: This capability provides a flexible and powerful tool for IT staff to define policy for groups, and then prioritize policies in batches based on requirements. These enhanced aggregation strategy groups support prioritization, sequential adjustment, and refinement as a block (or group), easing IT workloads without compromising security policies.
  • RADIUS Dynamic Authorization: By leveraging RADIUS CoA (Change of Authorization) messages, aggregate policies intended for authenticated users can be automatically issued to Hillstone firewalls in the network. For example, if a remote worker is using an SSL VPN solution to connect to the network, during authentication the RADIUS server issues user policies to the NGFW, then deletes the policies when the user goes offline. This capability dramatically simplifies configuration and reduces operational overhead.
  • Importing/Exporting Policy Rules: Importing and exporting of policies allows IT admins to convert policies into files for easier reading. In addition, the files can be backed up locally and restored or recovered to the system after a potential failure simply by importing the policy file. Policy files can also be uploaded to other Hillstone NGFWs if needed. This feature significantly reduces complexity and saves operational and maintenance time through backups.
  • Configuration Enhancements for Service Rules of the Policies: These enhancements reduce complexity for DevOps by opening RESTful APIs and allowing direct configuration of ports and protocols within a given Service Rule.

Hillstone next-gen, data center and virtual firewalls offer a rich set of protections, controls and policy enforcement that give IT managers a strong arsenal with which to defend against attack, infiltration and other threats. With the new, agile policy configuration and dynamic authorization capabilities included in StoneOS 5.5R8, it’s even easier for IT staff to ensure appropriate policy enforcement when business requirements fluctuate.

Find Out More About the Latest StoneOS Today!

Hillstone StoneOS 5.5R8 includes more than a hundred upgrades and enhancements to provide the most comprehensive, agile, reliable and easy-to-use security solution for enterprise data centers. These capabilities are available for the enterprise Hillstone E- or T-Series NGFWs, X-Series data center firewalls, and the Hillstone CloudEdge virtual NGFWs in the data center or cloud. These security platforms provide future-proof protection and an intuitive user interface from the edge to the cloud.

Ensure agile policy enforcement, high performance, reliability and availability for your data center by upgrading today. You can learn more about the latest StoneOS release in the Hillstone Resources section of our website, or by contacting us.