When you commit a configuration on Panorama, it's available for analysis through the
plugin to Strata Cloud Manager. Policy Analyzer analyzes this configuration for Shadows,
Redundancies, and other anomalies, and the results are available for review in Manage > Security Posture > Policy Analyzer > Post-change Policy Analysis.
You can view the following information:
Shows the summary of the analysis across all the policy sets, that is, all the device groups with
NGFWs directly assigned to them. You can view the anomalies, or only the
anomalies with high priority. The values in this report show the unique number of
anomalies found in all the device groups. The colors in the chart indicate the
different types of anomalies.
Timestamps for the analysis, including:
- Existing Security policy snapshot: timestamp when the configuration was marked as running in Panorama after a commit.
- Time analysis started
- Time analysis finished
- Time it took to complete the analysis
View the status of the Security policy and the number of anomalies for every policy.
View a breakdown of anomalies for a selected Security policy.
View anomaly details for every rule in a Security policy.
View the attributes of a selected rule and the details of the anomaly.
This image shows an example of the redundancy anomaly. In this example,
the BND rule is already covered by another BND Users rule. Therefore,
you can remove the BND rule.
View the suggested next steps to remediate an anomaly.