Method and apparatus for analyzing firewall policy

摘要

A method for analyzing a firewall policy composed of a plurality of rules is presented. The firewall policy analysis method according to an embodiment of the present invention may include determining a type of a target IP address for each of a plurality of firewall rules, wherein the type of the target IP address includes an Internet type and an internal resource type; Among the plurality of firewall rules, the allowed effective range reflecting the overlapping range with the priority rejection action firewall rule is applied to the Internet-internal network communication based rule having the allowable action firewall rule and having the IP address of the Internet type as the target IP address. Determining and generating internet-internal network communication range information corresponding to the aggregation of the allowable validity ranges of the respective internet-internal network communication based rules.