Provides information about post-change policy analysis.
If your AIOps for NGFW app has been updated to give you the new Strata Cloud Manager management experience, visit these docs instead. Here's how to switch between
the two AIOps for NGFW guides based on the interface you're using:
When you commit a configuration on Panorama,
it is available for analysis through the plug-in to AIOps for NGFW. Policy
Analyzer analyzes this configuration for shadows, redundancies and
other anomalies, and the results are available for review in
Shows the summary of the analysis across all the policy
sets, that is, all the device groups with NGFWs directly assigned
to them. You can view all the anomalies or the anomalies based on
high priority. Note that the values in this report show the unique
number of anomalies found in all the device groups. The colors in
the chart indicate the different types of anomalies.
Timestamps for analysis that includes:
Existing
security policy snapshot - Timestamp when the configuration was
marked as running in Panorama after a commit.
Analysis start time
Analysis was complete
Time to complete analysis
View status of the security policy and the number of anomalies
for every policy.
View breakdown of anomalies for a selected security policy.
View anomaly details for every rule in a security policy.
View attributes of a selected rule and the details of the
anomaly.
This
image shows an example of the redundancy anomaly. In this example,
the BND rule is already covered by another BND Users rule. Therefore,
you can remove the BND rule.
View the suggested next steps to remediate an anomaly.
This image shows an example of the redundancy anomaly. In this example, the BND rule is already covered by another BND Users rule. Therefore, you can remove the BND rule.