Pre-Change Policy Analysis
Describes the pre-change policy analysis.
The Security policy rule Pre-Change analysis performs the new intent satisfaction analysis:
  • New Intent Satisfaction Analysis—Checks whether the intent of a new Security policy rule is already covered by an existing rule.
Before you begin:
  1. Go to Manage > Security Posture > Policy Analyzer > Pre-change Policy Analysis.
  2. At the top of the Policy Analyzer page, select Cloud Manager for Strata Cloud Manager managed deployments or select a Panorama instance for Panorama managed deployments containing the policy rules that you need to analyze.
  3. Start a Security Policy Analysis.
Perform the following steps to start a new analysis:
  1. Enter Analysis Name and Analysis Description.
    On a Panorama appliance, device groups are hierarchical. You can create four levels of device groups, and you assign NGFWs to the device group at the lowest level of the hierarchy. A policy that you create at a higher level is inherited by all the device groups under it. You can run the analysis for up to 10 device groups with NGFWs directly assigned to them, which allows you to analyze all the policy rules that are pushed to that set of directly assigned NGFWs.
    For Strata Cloud Manager managed deployments, folders are hierarchical. The leaf folder, that is, the final folder containing the devices, is shown.
  2. Select an existing Security policy set to analyze.
  3. Specify the type of analysis by selecting one or more analysis types:
    • New Intent Satisfaction Analysis
    Add New Security Rule Intent for analysis.
    Specify information about the new security rule, and AIOps for NGFW can check if existing rules cover the intent.
    Enter the values for the components of a security policy rule. The default value for the fields related to a security rule is “Any.”
    Save the settings.
    Review the summary of the new security rule intent.
    You can create up to 10 new security rules, or you can copy a rule and edit it.
  4. Submit Analysis Request or Save As Draft to edit the rule later.
    View the status of an analysis on the Policy Analyzer page under Analysis Requests.
    You can cancel a rule whose status is in-progress; it is then shown as Canceled.
    After the analysis is complete, view the analysis report.
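
To make the idea of intent satisfaction concrete, the following added example (not code from this documentation or from the product) models the check in simplified form: a new rule intent is satisfied when the first existing rule, evaluated top-down, that fully covers it has the same action. The field names, rule names, and sample rule set are constructed assumptions, and partial overlaps between rules are deliberately ignored.

```python
import ipaddress

ANY = "any"  # the page states that unset rule fields default to "Any"
SET_FIELDS = ("from_zone", "to_zone", "application", "service")  # assumed field names
ADDR_FIELDS = ("source", "destination")                          # assumed field names

def covers_set(existing, new):
    """True if the existing field value matches everything the new one does."""
    if existing == ANY:
        return True
    if new == ANY:
        return False  # the intent is broader than the existing rule
    return set(new) <= set(existing)

def covers_addr(existing, new):
    """True if every new CIDR falls inside at least one existing CIDR."""
    if existing == ANY:
        return True
    if new == ANY:
        return False
    nets = [ipaddress.ip_network(e) for e in existing]
    return all(any(n.version == e.version and n.subnet_of(e) for e in nets)
               for n in (ipaddress.ip_network(x) for x in new))

def rule_covers(rule, intent):
    return (all(covers_set(rule.get(f, ANY), intent.get(f, ANY)) for f in SET_FIELDS)
            and all(covers_addr(rule.get(f, ANY), intent.get(f, ANY)) for f in ADDR_FIELDS))

def analyze_intent(intent, rules):
    """Return (deciding_rule_name, verdict) using top-down, first-match order."""
    for rule in rules:
        if rule_covers(rule, intent):
            same = rule["action"] == intent["action"]
            return rule["name"], "satisfied" if same else "not satisfied"
    return None, "not satisfied"

# Constructed sample rule set and intents (not taken from any real deployment)
RULES = [
    {"name": "allow-web-dmz", "from_zone": ["trust"], "to_zone": ["dmz"],
     "source": ["10.1.0.0/16"], "destination": ["172.16.10.0/24"],
     "application": ["web-browsing", "ssl"], "action": "allow"},
    {"name": "deny-all", "action": "deny"},
]
NEW_WEB = {"from_zone": ["trust"], "to_zone": ["dmz"], "source": ["10.1.20.0/24"],
           "destination": ["172.16.10.5/32"], "application": ["ssl"], "action": "allow"}
NEW_SSH = dict(NEW_WEB, application=["ssh"])

if __name__ == "__main__":
    for label, intent in (("web", NEW_WEB), ("ssh", NEW_SSH)):
        print(label, analyze_intent(intent, RULES))
```

An intent that leaves a field at "Any" is only covered by existing rules that are also "Any" in that field, which is why overly broad intents tend to come back as not satisfied.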