Test Security Rules (Strata Cloud Manager)
Focus
Focus
Network Security

Test Security Rules (Strata Cloud Manager)

Table of Contents


Test Security Rules (Strata Cloud Manager)

Test the traffic policy matches of your configuration.
Updates to your Security rules are often time-sensitive and require you to act quickly. However, you want to ensure that any update you make to your Security policy rulebase meets your requirements and does not introduce errors or misconfigurations (such as changes that result in duplicate or conflicting rules).
Policy Analyzer in Strata Cloud Manager enables you to optimize time and resources when implementing a change request. Policy Analyzer not only analyzes and provides suggestions for possible consolidation or removal of specific rules to meet your intent but also checks for anomalies, such as Shadows, Redundancies, Generalizations, Correlations and Consolidations in your rulebase.
Use Policy Analyzer to analyze your Security rules both before and after you commit your changes.
  • Pre-Change Policy Analysis—Enables you to evaluate the impact of a new rule so you can compare that to your intent for that rule and ensure that it does not duplicate or conflict with existing rules before you commit to avoid security rule inflation. You can also run a Security Policy Anomaly Analysis to check for shadows, redundancies, generalizations, correlations and consolidations.
  • Post-Change Policy Analysis—Enables you to clean the existing rulebase by identifying shadows, redundancies, and other anomalies that have accumulated over time.
You can also use Policy Analyzer to add or optimize your Security policy rulebase.
  • Before adding a new rule—Check to see if new rules need to be added. Policy Analyzer recommends how best to change your existing Security policy rules to meet your requirements without adding another rule, if possible.
  • Streamline and optimize your existing rulebase—See where you can update your rules to minimize bloat and eliminate conflicts and also to ensure that traffic enforcement aligns with the intent of your Security policy rulebase.