Test the traffic policy matches of your configuration.

Updates to your Security rules are often time-sensitive and require you to act quickly. However, you want to ensure that any update you make to your Security policy rulebase meets your requirements and does not introduce errors or misconfigurations (such as changes that result in duplicate or conflicting rules).

Policy Analyzer in Strata Cloud Manager enables you to optimize time and resources when implementing a change request. Policy Analyzer not only analyzes and provides suggestions for possible consolidation or removal of specific rules to meet your intent but also checks for anomalies, such as Shadows, Redundancies, Generalizations, Correlations and Consolidations in your rulebase.

Use Policy Analyzer to analyze your Security rules both before and after you commit your changes:
- Pre-Change Policy Analysis—Enables you to evaluate the impact of a new
rule before you commit it, so you can compare that impact to your intent for
the rule and ensure that it does not duplicate or conflict with existing rules,
which avoids Security rule inflation. You can also run a Security Policy Anomaly
Analysis to check for shadows, redundancies, generalizations, correlations and
consolidations.
- Post-Change Policy Analysis—Enables you to clean the existing rulebase by
identifying shadows, redundancies, and other anomalies that have accumulated
over time.
You can also use Policy Analyzer when you add to or optimize your Security policy rulebase:
- Before adding a new rule—Check to see if new rules need to be added.
Policy Analyzer recommends how best to change your existing Security policy
rules to meet your requirements without adding another rule, if
possible.
- Streamline and optimize your existing rulebase—See where you can
update your rules to minimize bloat and eliminate conflicts, and
ensure that traffic enforcement aligns with the intent of your Security
policy rulebase.
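
To make the pre-change check concrete, the following added example (not Palo Alto Networks code and not how Policy Analyzer is implemented) tests a candidate rule against an ordered rulebase before it is appended. It assumes the definitions of shadow, redundancy, generalization and correlation commonly used in firewall policy anomaly literature, reduces a rule to source, destination, ports and action, and does not model consolidations; all names and the sample rulebase are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:                 # hypothetical, simplified rule model
    name: str
    src: str                # source CIDR
    dst: str                # destination CIDR
    ports: frozenset        # destination ports; empty set means "any"
    action: str             # "allow" or "deny"

def _net_rel(a, b):
    """Return (a within b, b within a, a overlaps b) for two CIDRs."""
    a, b = ip_network(a), ip_network(b)
    return a.subnet_of(b), b.subnet_of(a), a.overlaps(b)

def _port_rel(a, b):
    """Same triple for port sets, treating the empty set as 'any'."""
    return (not b or (bool(a) and a <= b),
            not a or (bool(b) and b <= a),
            not a or not b or bool(a & b))

def classify(earlier, later):
    """Name the anomaly a later rule forms with an earlier one, or None."""
    rels = [_net_rel(later.src, earlier.src),
            _net_rel(later.dst, earlier.dst),
            _port_rel(later.ports, earlier.ports)]
    later_in_earlier = all(r[0] for r in rels)
    earlier_in_later = all(r[1] for r in rels)
    overlap = all(r[2] for r in rels)
    same = earlier.action == later.action
    if later_in_earlier:    # the later rule can never be hit
        return "redundancy" if same else "shadow"
    if not overlap or same:
        return None
    return "generalization" if earlier_in_later else "correlation"

def pre_change_check(rulebase, candidate):
    """Anomalies the candidate would create if appended to the rulebase."""
    return [(k, r.name) for r in rulebase if (k := classify(r, candidate))]

# Constructed sample rulebase, evaluated top to bottom.
RULEBASE = [
    Rule("allow-web", "10.0.0.0/8", "192.0.2.0/24", frozenset({80, 443}), "allow"),
    Rule("deny-lab-ssh", "10.5.0.0/16", "0.0.0.0/0", frozenset({22}), "deny"),
]
```

A non-empty result from `pre_change_check` signals that the change request should be met by editing the named existing rule, or that the candidate's position or scope needs review, rather than by adding one more rule.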