Post-Change Policy Analysis

Table of Contents

Post-Change Policy Analysis

Provides information about post-change policy analysis.

Where Can I Use This?	What Do I Need?
NGFW (Panorama Managed) `VM-Series, funded with Software NGFW Credits` (Panorama Managed) `Prisma Access (Managed by Panorama)`	AIOps for NGFW Premium or Strata Cloud Manager Pro Panorama CloudConnector Plugin for Panorama managed deployments

When you commit a configuration on Panorama, it's available for analysis through the plugin to Strata Cloud Manager. Policy Analyzer analyzes this configuration for Shadows, Redundancies and other anomalies, and the results are available for review in ManageSecurity PosturePolicy AnalyzerPost-change Policy Analysis.

You can view the following information:

Shows the summary of the analysis across all the policy sets, that is, all the device groups with NGFWs directly assigned to them. You can view the anomalies or the anomalies based on high priority. The values in this report show the unique number of anomalies found in all the device groups. The colors in the chart indicate the different types of anomalies.
Timestamps for analysis that includes:
- Existing Security policy snapshot - Timestamp when the configuration was marked as running in Panorama after a commit.
- Time analysis started
- Time analysis finished
- Time it took to complete the analysis
View the status of the Security policy and the number of anomalies for every policy.
View a breakdown of anomalies for a selected Security policy.
View anomaly details for every rule in a Security policy.
View the attributes of a selected rule and the details of the anomaly.

This image shows an example of the redundancy anomaly. In this example, the BND rule is already covered by another BND Users rule. Therefore, you can remove the BND rule.
View the suggested next steps to remediate an anomaly.