If your AIOps for NGFW app has been updated to give you the new Strata Cloud Manager management experience, visit these docs instead. Here's how to switch between
the two AIOps for NGFW guides based on the interface you're using:
Updates to your Security policy rules
are often time sensitive and require you to act quickly. However,
you want to ensure that any update you make to your security policy
rules meets your requirements and does not introduce errors or misconfigurations
(such as changes that result in duplicate or conflicting rules).
To overcome these challenges, Policy Analyzer in AIOps for next-generation firewalls (NGFW) enables you
to optimize time and resources when implementing a change request. Policy Analyzer not
only analyzes and provides suggestions for possible consolidation or removal of specific
rules to meet your intended Security posture but it also checks for anomalies, such as
shadows, redundancies, generalizations, correlations, and consolidations in your
rulebase.
Use Policy Analyzer to add or optimize your Security policy rules.
Add a new rule
—Check to see if new rules need
to be added. If not, Policy Analyzer recommends how best to change
your existing Security policy rules to meet your requirements without
adding another rule.
Streamline and optimize your existing rulebase
—See
where you can update your rules to minimize bloat and eliminate
conflicting rules and also to ensure that traffic enforcement aligns
with the intention of your Security policy rules.
Analyze your Security policy rules both before and after you
commit your changes.
Pre-Change Policy Analysis
—Enables you to evaluate
the impact of a new rule so you can compare that to your intent
for that rule and ensure that it does not duplicate or conflict
with existing rules before you commit to avoid policy rule inflation.
You can also run a Security Policy Anomaly Analysis to check for
shadows, redundancies, generalizations, correlations and consolidations.
Post-Change Policy Analysis
—Enables you to clean the
existing rulebase by identifying shadows, redundancies, and other
anomalies that have accumulated over time.
Policy Analyzer requires the AIOps Plugin 1.1.0
on your Panorama appliance.
Policy Analyzer requires Panorama 10.2.3 or a later version.
