Types of Anomalies that Policy Analyzer Detects

Policy Analyzer detects the following types of anomalies across your Security policy rulebase:
  • Shadows—Rules that are never used because a higher priority rule covers the same traffic.
    Security policy rules are evaluated from the top of the rulebase down, so a shadow is created when a higher priority rule matches the same traffic that a lower priority rule matches, but the same is not true the other way around, and the two rules are configured with different actions. If you remove the lower priority rule, the action does not change.
  • Redundancies—Two or more rules that match the same traffic and result in the same action.
  • Generalizations—When a rule lower in the rulebase matches the traffic of a rule higher in the rulebase, but not the other way around, and the rules take different actions. If the order of the two rules is reversed, the security posture is impacted.
  • Correlations—Rules that correlate with another rule when one rule matches some packets of the other rule but results in a different action. If the order of the two rules is reversed, the security posture is impacted.
  • Consolidations—Rules that you can consolidate into a single rule because the action is the same and only one attribute is different. You can merge the rules into a single rule by modifying the attributes of one of the rules and deleting the others.
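
The definitions above can be applied to an ordered rulebase as pairwise set comparisons. The following is an added example, not Policy Analyzer's own code or algorithm: the three match attributes, the rule names and the sample rulebase are constructed, attribute values are compared as literal tokens (no CIDR or "any" handling), and redundancy is modelled on the assumption that one rule's match fully covers the other's.

```python
from itertools import combinations

ATTRS = ("src", "dst", "app")  # simplified match attributes (assumption)

def rule(name, action, **match):
    # Each attribute is a set of literal tokens; no "any" or CIDR arithmetic.
    return {"name": name, "action": action,
            **{a: frozenset(match[a]) for a in ATTRS}}

def classify(upper, lower):
    """Classify a pair in which `upper` is evaluated before `lower`."""
    same_action = upper["action"] == lower["action"]
    differing = [a for a in ATTRS if upper[a] != lower[a]]
    if any(upper[a].isdisjoint(lower[a]) for a in ATTRS):
        # No traffic in common: the pair can only be a merge candidate.
        return "consolidation" if same_action and len(differing) == 1 else None
    up_covers = all(upper[a] >= lower[a] for a in ATTRS)
    low_covers = all(lower[a] >= upper[a] for a in ATTRS)
    if same_action:
        if up_covers or low_covers:   # assumption: full cover counts as same traffic
            return "redundancy"
        return "consolidation" if len(differing) == 1 else None
    if up_covers and low_covers:
        return None  # identical match, different action: not defined on the page
    if up_covers:
        return "shadow"          # lower rule can never be hit
    if low_covers:
        return "generalization"  # upper rule is an exception to the lower one
    return "correlation"         # partial overlap, order decides the action

def analyze(rulebase):
    # List order is priority order, top down.
    return [(u["name"], l["name"], kind)
            for u, l in combinations(rulebase, 2)
            if (kind := classify(u, l))]

# Constructed sample rulebase (not taken from any real device).
RULEBASE = [
    rule("r1", "deny",  src={"10.0.0.0/24"}, dst={"db"}, app={"ssh", "mysql"}),
    rule("r2", "allow", src={"10.0.0.0/24"}, dst={"db"}, app={"mysql"}),
    rule("r3", "allow", src={"10.0.1.0/24"}, dst={"web"}, app={"ssl"}),
    rule("r4", "allow", src={"10.0.2.0/24"}, dst={"web"}, app={"ssl"}),
    rule("r5", "deny",  src={"10.0.1.0/24", "10.0.3.0/24"}, dst={"web"},
         app={"ssl", "dns"}),
]

if __name__ == "__main__":
    for upper, lower, kind in analyze(RULEBASE):
        print(f"{kind}: {upper} / {lower}")
```

In the sample, r2 is shadowed by r1, r3 and r4 differ only in source and can be merged, and r5 generalizes r3, so swapping r3 and r5 would change which traffic is allowed.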
