Manage: Config Cleanup

Identify and remove unused configuration objects and policy rules.
Where Can I Use This?
  • Prisma Access (Cloud Management)
  • NGFW (Cloud Managed)
  • VM-Series, funded with Software NGFW Credits
What Do I Need?
  • Prisma Access license or AIOps for NGFW Premium license (use the Strata Cloud Manager app)
Use Config Cleanup to identify and remove unused configuration objects and policy rules from your Strata Cloud Manager configuration. Removing unused configuration objects eases firewall administration by removing clutter and preserving only the configuration objects that are required for security enforcement.
  1. Log in to Strata Cloud Manager.
  2. Select Manage > Security Posture > Config Cleanup.
  3. Select the unused objects and policy rules across your entire Strata Cloud Manager configuration for the last 6 months.
    • Policy Rules to Optimize—Click to review overly permissive policy rules and convert them to more specific, focused rules that only allow the applications you’re actually using.
    • Unused Objects (Past 6 Months)—All configuration objects that went unused in any configuration or policy rule in the past 6 months.
    • Zero Hit Objects (Past 6 Months)—Policy rules with configuration objects where the configuration object in the policy rule receives zero hits.
      Configuration objects listed here have received zero hits only in the policy rules that they’re associated with. They might still receive hits in the other policy rules they’re used in.
    • Zero Hit Rules (Past 6 Months)—All policy rules that have had zero traffic matches in the past 6 months.
  4. Apply additional filters to target specific unused objects and policy rules.
    Add New Filter is supported for Unused Objects (Past 6 Months) and Zero Hit Policy Rules (Past 6 Months).
    • Unused Objects (Past 6 Months)—You can filter and Delete unused objects based on:
      • Name—Search for and select a specific configuration object name.
      • Location—Configuration scope the configuration object was created in.
      • Object Type—Configuration object type.
      • Days Unused—The number of days the configuration object went unused.
        • < 50—Less than 50 days unused.
        • >= 50, <= 100—Between 50 and 100 days unused.
        • > 100—More than 100 days unused.
    • Zero Hit Policy Rules (Past 6 Months)—You can filter and Enable, Disable, or Delete zero hit policy rules based on the Name, Days with Zero Hits, or any of the Source and Destination data.
