Manage: Policy Analyzer
Analyze your rulebase for anomalies and get suggestions for possible consolidation or
removal of specific rules.
| Where Can I Use This? | What Do I Need? |
|---|
Updates to your Security policy rules are often time-sensitive and require
you to act quickly. However, you want to ensure that any update you make to your
security policy rulebase meets your requirements and does not introduce errors or
misconfigurations (such as changes that result in duplicate or conflicting rules).
To achieve this, the Policy Analyzer feature in Strata Cloud Manager enables you to
optimize time and resources when implementing a change request. Policy Analyzer not only
analyzes and provides suggestions for possible consolidation or removal of specific
rules to meet your intent but also checks for anomalies, such as Shadows, Redundancies,
Generalizations, Correlations, and Consolidations in your rulebase.
Use Policy Analyzer to add or optimize your Security policy rulebase.
Before adding a new rule—Check to see if new rules need to be added.
Policy Analyzer recommends how best to change your existing Security policy
rules to meet your requirements without adding another rule, if possible.
Streamline and optimize your existing rulebase—See where you can update
your rules to minimize bloat and eliminate conflicts and also to ensure that
traffic enforcement aligns with the intent of your Security policy rulebase.
Analyze your Security policy rules both before and after you commit your changes.
Pre-Change Policy Analysis—Enables you to evaluate the impact of a new
rule and analyze the intent of the new rules against the rules that already
exist to recommend how to best meet the intent.
Post-Change Policy Analysis—Enables you to clean the existing rulebase by
identifying Shadows, Redundancies, and other anomalies that have accumulated
over time.
Policy Analyzer supports both Strata Cloud Manager and Panorama deployments. See
Policy Analyzer to learn more.
