Strata Cloud Manager analyzes device configurations as soon as you push them,
detecting anomalies. It also performs an analysis every 4 hours. For Panorama managed
configurations, Strata Cloud Manager performs the analysis when you commit the
configuration on Panorama. Policy Analyzer analyzes this configuration for Shadows,
Redundancies and other anomalies, and the results are available for review in Manage > Security Posture > Policy Analyzer > Post-change Policy Analysis.
You can view the following information:
Shows the summary of the analysis across all the policy sets, that is, all the device groups with
NGFWs directly assigned to them. You can view the anomalies or the anomalies
based on high priority. The values in this report show the number of unique
anomalies found in all the device groups. The colors in the chart indicate the
different types of anomalies.
Timestamps for the analysis, including:
Existing Security policy snapshot - The timestamp for when the configuration was marked as
running in Panorama following a commit, or the timestamp for when the
configuration was marked as running in Strata Cloud Manager after a
push.
Time analysis started
Time analysis finished
The time it took to complete the analysis
View the status of the Security policy and the number of anomalies for every policy.
View a breakdown of anomalies for a selected Security policy.
View anomaly details for every rule in a Security policy.
View the attributes of a selected rule and the details of the anomaly.
This image shows an example of the redundancy anomaly. In this example,
the BND rule is already covered by another BND Users rule. Therefore,
you can remove the BND rule.
View the suggested next steps to remediate an anomaly.
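
The redundancy case described above (a rule already covered by another rule) can be reproduced on a simplified rule model. The following is an added example, not Strata Cloud Manager's own analysis logic: the rule fields, the first-match ordering, the rule attributes and the working definitions (an earlier rule covering a later one with the same action is a redundancy, with a different action a shadow) are assumptions made for illustration.

```python
from dataclasses import dataclass

ANY = frozenset({"any"})
FIELDS = ("src_zone", "dst_zone", "users", "apps")

@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: frozenset
    dst_zone: frozenset
    users: frozenset
    apps: frozenset
    action: str

def rule(name, src_zone, dst_zone, users, apps, action):
    """Build a Rule from plain lists (hypothetical helper for this example)."""
    return Rule(name, *(frozenset(v) for v in (src_zone, dst_zone, users, apps)), action)

def covers(a, b):
    """True if all traffic matching b also matches a (field-wise superset)."""
    for f in FIELDS:
        av, bv = getattr(a, f), getattr(b, f)
        if av != ANY and (bv == ANY or not bv <= av):
            return False
    return True

def find_anomalies(rules):
    """Return (kind, covered_rule, covering_rule) tuples for an ordered rulebase."""
    findings = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if covers(earlier, later):
                kind = "redundancy" if earlier.action == later.action else "shadow"
                findings.append((kind, later.name, earlier.name))
                break  # report only the first covering rule
    return findings

# Constructed rulebase; only the names BND and BND Users come from the page.
RULEBASE = [
    rule("BND Users", ["trust"], ["untrust"], ["bnd-users"], ["web-browsing", "ssl"], "allow"),
    rule("BND", ["trust"], ["untrust"], ["bnd-users"], ["ssl"], "allow"),
    rule("Block SSH", ["any"], ["untrust"], ["any"], ["ssh"], "deny"),
    rule("Admin SSH", ["trust"], ["untrust"], ["admins"], ["ssh"], "allow"),
]

if __name__ == "__main__":
    for kind, covered, by in find_anomalies(RULEBASE):
        print(f"{kind}: '{covered}' is covered by '{by}'")
```

Reversing the rule order produces no findings in this model, which shows why the analysis has to be repeated after every push or commit that changes the rulebase.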