Identify and remove unused configuration objects and policy rules.
Where Can I Use
This?
What Do I Need?
Prisma Access (Managed by Strata Cloud Manager)
NGFW (Managed by Strata Cloud Manager)
VM-Series, funded with Software NGFW Credits
Prisma Access
license or
AIOps for NGFW Premium license (use the Strata Cloud Manager app)
Use Config Cleanup to identify and remove unused configuration objects and policy
rules from your
Strata Cloud Manager
configuration. Removing unused configuration
objects eases firewall administration by removing clutter and preserving only the
configuration objects that are required for security enforcement.
Log in to
Strata Cloud Manager
.
Select
Manage
Security Posture
Config Cleanup
.
Select the unused objects and policy rules across your entire
Strata Cloud Manager
configuration for the last 6 months.
Policy Rules to Optimize
—Click to review the
policy rules that are overly permissive rules to convert these to be
more specific, focused rules that only allow the applications you’re
actually using.
Unused Objects (Past 6 Months)
—All
configuration objects that went unused in any configuration or
policy rule in the past 6 months.
Zero Hit Objects (Past 6 Months)
—Policy rules
with configuration objects where the configuration object in the
policy rule receives zero hits.
Configuration objects listed here have received zero hits only in the
policy rules that they’re associated with. Their usage might receive
hits in the other policy rules they’re used in.
Zero Hit Rules (Past 6 Months)
—All policy
rules that have had zero traffic matches in the past 6 months.
Apply additional filters to target specific unused objects and policy
rules.
Add New Filter
is supported for
Unused
Objects (Past 6 Months
) and
Zero Hit Policy Rules
(Past 6 Months)
.
Unused Objects (Past 6 Months)
—You can filter and
Delete
unused objects based on:
Name
—Search for and select a specific
configuration object name.
Location
—Configuration scope the
configuration object name was created in.
Object Type
—Configuration object type.
Days Unused
—The number of days the
configuration object went used.