Post-Change Policy Analysis

Provides information about post-change policy analysis.
When you commit a configuration on Panorama, it is available for analysis through the plug-in to AIOps for NGFW. Policy Analyzer analyzes this configuration for shadows, redundancies and other anomalies, and the results are available for review in
Posture > Posture Analyzer > Post-Change Policy Analysis
You can view the following information:
  1. Shows the summary of the analysis across all the policy sets, that is, all the device groups with NGFWs directly assigned to them. You can view all the anomalies or the anomalies based on high priority. Note that the values in this report show the unique number of anomalies found in all the device groups. The colors in the chart indicate the different types of anomalies.
  2. Timestamps for analysis that includes:
    • Existing security policy snapshot - Timestamp when the configuration was marked as running in Panorama after a commit.
    • Analysis start time
    • Analysis was complete
    • Time to complete analysis
  3. View status of the security policy and the number of anomalies for every policy.
  4. View breakdown of anomalies for a selected security policy.
  5. View anomaly details for every rule in a security policy.
  6. View attributes of a selected rule and the details of the anomaly.
    This image shows an example of the redundancy anomaly. In this example, the BND rule is already covered by another BND Users rule. Therefore, you can remove the BND rule.
  7. View the suggested next steps to remediate an anomaly.

Recommended For You