Post-Change Policy Analysis

Provides information about post-change policy analysis.
Where Can I Use This?
  • NGFW (PAN-OS or Panorama Managed)
  • VM-Series, funded with Software NGFW Credits (when managed using Panorama)
  • Prisma Access (Panorama Managed)
What Do I Need?
  • AIOps for NGFW Premium license (use the Strata Cloud Manager app)
When you commit a configuration on Panorama, it's available for analysis through the plugin to Strata Cloud Manager. Policy Analyzer analyzes this configuration for Shadows, Redundancies and other anomalies, and the results are available for review in Manage > Security Posture > Policy Analyzer > Post-change Policy Analysis.
You can view the following information:
  1. View the summary of the analysis across all the policy sets, that is, all the device groups with NGFWs directly assigned to them. You can view all anomalies or only the high-priority anomalies. The values in this report show the number of unique anomalies found in all the device groups. The colors in the chart indicate the different types of anomalies.
  2. View the timestamps for the analysis, which include:
    • Existing Security policy snapshot - Timestamp when the configuration was marked as running in Panorama after a commit.
    • Time analysis started
    • Time analysis finished
    • Time it took to complete the analysis
  3. View the status of the Security policy and the number of anomalies for every policy.
  4. View a breakdown of anomalies for a selected Security policy.
  5. View anomaly details for every rule in a Security policy.
  6. View the attributes of a selected rule and the details of the anomaly.
    The example shows a redundancy anomaly: the BND rule is already covered by another rule, BND Users. Therefore, you can remove the BND rule.
  7. View the suggested next steps to remediate an anomaly.
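
This page does not describe Policy Analyzer's detection logic, so the following is an added example (not Palo Alto Networks code) that illustrates the idea under commonly used definitions, assumed here: a rule fully covered by an earlier rule is a redundancy when both have the same action and a shadow when the actions differ. Only the rule names BND and BND Users come from the example above; the zones, groups, applications, rule order and the other two rules are constructed.

```python
from dataclasses import dataclass

ANY = frozenset({"any"})
FIELDS = ("src_zone", "dst_zone", "users", "apps")

@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: frozenset
    dst_zone: frozenset
    users: frozenset
    apps: frozenset
    action: str

def rule(name, src_zone, dst_zone, users, apps, action):
    """Build a Rule from plain lists of values."""
    return Rule(name, *(frozenset(v) for v in (src_zone, dst_zone, users, apps)), action)

def covers(outer, inner):
    """True if every session matching `inner` also matches `outer`."""
    for f in FIELDS:
        o, i = getattr(outer, f), getattr(inner, f)
        # "any" in the outer rule covers everything; otherwise inner must be a subset
        if o != ANY and (i == ANY or not i <= o):
            return False
    return True

def find_anomalies(rulebase):
    """Return (rule, covering_rule, kind) for rules fully covered by an earlier rule."""
    findings = []
    for idx, r in enumerate(rulebase):
        for earlier in rulebase[:idx]:
            if covers(earlier, r):
                kind = "redundancy" if earlier.action == r.action else "shadow"
                findings.append((r.name, earlier.name, kind))
                break  # rules are evaluated top-down, so the earliest covering rule decides
    return findings

# Constructed rulebase (assumption), listed in evaluation order
RULEBASE = [
    rule("BND Users", ["trust"], ["untrust"], ["any"], ["web-browsing", "ssl"], "allow"),
    rule("BND", ["trust"], ["untrust"], ["grp-bnd"], ["ssl"], "allow"),
    rule("Block SSL", ["trust"], ["untrust"], ["any"], ["ssl"], "deny"),
    rule("Guest DNS", ["guest"], ["untrust"], ["any"], ["dns"], "allow"),
]

if __name__ == "__main__":
    for name, by, kind in find_anomalies(RULEBASE):
        print(f"{name}: {kind} (covered by {by})")
```

A shadowed deny rule such as the constructed Block SSL deserves closer review than a redundancy, because the traffic it was meant to block is being allowed by the earlier rule.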
