Types of Anomalies that Policy Analyzer Detects

Describes the types of anomalies.
Where Can I Use This?
  • NGFW (Panorama Managed)
  • VM-Series, funded with Software NGFW Credits (Panorama Managed)
What Do I Need?
  • AIOps for NGFW Premium license (use the Strata Cloud Manager app)
Policy Analyzer detects the following types of anomalies across your Security policy rulebase:
  • Shadows—Rules that are not hit because a rule higher in the rulebase covers the same traffic.
    Security policy rules are evaluated from the top of the rulebase down, so a shadow is created when a rule higher in the rulebase matches the same traffic as a rule lower in the rulebase and the two rules are configured with different actions. If you remove the lower rule, the security policy does not change.
  • Redundancies—Two or more rules that match the same traffic and are configured with the same action.
  • Generalizations—A rule lower in the rulebase matches the traffic of a rule higher in the rulebase, but not the other way around, and the rules take different actions. If the order of the two rules is reversed, the security policy is impacted.
  • Correlations—Rules that correlate with another rule when one rule matches some packets of the other rule but results in a different action. If the order of the two rules is reversed, the security policy is impacted.
  • Consolidations—Rules that you can consolidate into a single rule because the action is the same and only one attribute is different. You can merge the rules into a single rule by modifying the attributes of one of the rules and deleting the others.
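
The following added example (not Palo Alto Networks code, and not how Policy Analyzer is implemented) applies the five definitions above to ordered pairs of rules. It assumes a simplified rule model with four match attributes, and the rule names, zone names and helper functions are constructed for illustration.

```python
from collections import namedtuple
from itertools import combinations

ANY = "any"
FIELDS = ("src", "dst", "app", "svc")  # simplified match attributes (assumption)
Rule = namedtuple("Rule", ("name",) + FIELDS + ("action",))

def rule(name, src, dst, app, svc, action):
    """Build a Rule from comma-separated attribute values."""
    return Rule(name, *(frozenset(v.split(",")) for v in (src, dst, app, svc)), action)

def covers(a, b):
    """True if value set a matches everything that value set b matches."""
    return ANY in a or (ANY not in b and b <= a)

def overlaps(a, b):
    return ANY in a or ANY in b or bool(a & b)

def classify(upper, lower):
    """Classify an ordered pair (upper is evaluated first); None means no anomaly."""
    pairs = [(getattr(upper, f), getattr(lower, f)) for f in FIELDS]
    same_action = upper.action == lower.action
    if all(covers(u, l) for u, l in pairs):    # lower's traffic is always caught by upper
        return "redundancy" if same_action else "shadow"
    if same_action:                            # mergeable when exactly one attribute differs
        return "consolidation" if sum(u != l for u, l in pairs) == 1 else None
    if all(covers(l, u) for u, l in pairs):    # lower is a superset of upper
        return "generalization"
    # Different action, neither rule contains the other: check for partial overlap.
    return "correlation" if all(overlaps(u, l) for u, l in pairs) else None

def find_anomalies(rulebase):
    """Compare every ordered pair; the effect of rules in between is not modelled."""
    found = ((u.name, l.name, classify(u, l)) for u, l in combinations(rulebase, 2))
    return [f for f in found if f[2]]

# Constructed sample rulebase in top-down order (zone and rule names are made up).
RULEBASE = [
    rule("allow-web", "trust", "untrust", "web-browsing,ssl", "application-default", "allow"),
    rule("deny-ssl", "trust", "untrust", "ssl", "application-default", "deny"),
    rule("allow-web-dup", "trust", "untrust", "web-browsing", "application-default", "allow"),
    rule("allow-dns-dmz", "dmz", "untrust", "dns", "application-default", "allow"),
    rule("allow-dns-guest", "guest", "untrust", "dns", "application-default", "allow"),
    rule("allow-ssh", "trust,mgmt", "untrust", "ssh", "any", "allow"),
    rule("deny-outbound", "trust,dmz", "untrust", "any", "any", "deny"),
]

if __name__ == "__main__":
    for upper, lower, kind in find_anomalies(RULEBASE):
        print(f"{kind:15} {lower} (vs. higher rule {upper})")
```

In this sample, deny-ssl never takes effect because allow-web sits above it, which is the case where an intended block silently fails; the generalization and correlation findings are the pairs whose behavior changes if the rules are reordered.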

