Policy Analyzer

Provides an overview of Policy Analyzer.
Updates to your Security policy rules are often time sensitive and require you to act quickly. However, you want to ensure that any update you make to your security policy rules meets your requirements and does not introduce errors or misconfigurations (such as changes that result in duplicate or conflicting rules).
To overcome these challenges, Policy Analyzer in AIOps for next-generation firewalls (NGFW) enables you to optimize time and resources when implementing a change request. Policy Analyzer not only analyzes and provides suggestions for possible consolidation or removal of specific rules to meet your intended Security posture but it also checks for anomalies, such as shadows, redundancies, generalizations, correlations, and consolidations in your rulebase.
Use Policy Analyzer to add or optimize your Security policy rules.
  • Add a new rule
    —Check to see if new rules need to be added. If not, Policy Analyzer recommends how best to change your existing Security policy rules to meet your requirements without adding another rule.
  • Streamline and optimize your existing rulebase
    —See where you can update your rules to minimize bloat and eliminate conflicting rules and also to ensure that traffic enforcement aligns with the intention of your Security policy rules.
Analyze your Security policy rules both before and after you commit your changes.
  • Pre-Change Policy Analysis
    —Enables you to evaluate the impact of a new rule so you can compare that to your intent for that rule and ensure that it does not duplicate or conflict with existing rules before you commit to avoid policy rule inflation. You can also run a Security Policy Anomaly Analysis to check for shadows, redundancies, generalizations, correlations and consolidations.
  • Post-Change Policy Analysis
    —Enables you to clean the existing rulebase by identifying shadows, redundancies, and other anomalies that have accumulated over time.
  • Policy Analyzer requires the AIOps Plugin 1.1.0 on your Panorama appliance.
  • Policy Analyzer requires Panorama 10.2.3 or a later version.

Recommended For You