Focus

Next-Generation Firewall

Policy Analyzer

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Version
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 9.1
Networking
Version
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
AIOps
Incidents & Alerts
Release Notes
Version
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1

Proactively Enforce Security Checks

Types of Anomalies that Policy Analyzer Detects

Policy Analyzer

Provides an overview of Policy Analyzer.

Where Can I Use This?	What Do I Need?
`NGFW (Cloud Managed)` `NGFW (PAN-OS or Panorama Managed)` `VM-Series, funded with Software NGFW Credits`	`AIOps for NGFW Premium license (use Strata Cloud Manager)`

Updates to your Security policy rules are often time sensitive and require you to act quickly. However, you want to ensure that any update you make to your security policy rules meets your requirements and does not introduce errors or misconfigurations (such as changes that result in duplicate or conflicting rules).

To overcome these challenges, Policy Analyzer in AIOps for next-generation firewalls (NGFW)

and Strata Cloud Manager

enables you to optimize time and resources when implementing a change request. Policy Analyzer not only analyzes and provides suggestions for possible consolidation or removal of specific rules to meet your intended Security posture but it also checks for anomalies, such as shadows, redundancies, generalizations, correlations, and consolidations in your rulebase.

Use Policy Analyzer to add or optimize your Security policy rules.

Add a new rule
—Check to see if new rules need to be added. If not, Policy Analyzer recommends how best to change your existing Security policy rules to meet your requirements without adding another rule.

Streamline and optimize your existing rulebase
—See where you can update your rules to minimize bloat and eliminate conflicting rules and also to ensure that traffic enforcement aligns with the intention of your Security policy rules.

Analyze your Security policy rules both before and after you commit your changes.

Pre-Change Policy Analysis
—Enables you to evaluate the impact of a new rule so you can compare that to your intent for that rule and ensure that it does not duplicate or conflict with existing rules before you commit to avoid policy rule inflation. You can also run a Security Policy Anomaly Analysis to check for shadows, redundancies, generalizations, correlations and consolidations.

Post-Change Policy Analysis
—Enables you to clean the existing rulebase by identifying shadows, redundancies, and other anomalies that have accumulated over time.

Policy Analyzer requires the AIOps Plugin 1.1.0 on your Panorama appliance.

Policy Analyzer requires Panorama 10.2.3 or a later version.

Proactively Enforce Security Checks

Types of Anomalies that Policy Analyzer Detects

Next-Generation Firewall Docs

Next-Generation Firewall

Policy Analyzer

Next-Generation Firewall Docs

Policy Analyzer

Recommended For You

Activation and Onboarding

Next-Generation Firewalls

Cloud-Delivered Security Services

Network Security

Visibility & Monitoring

Best Practices

Experts Corner