Strata Cloud Manager
Pre-Change Policy Analysis
Table of Contents
Expand All
|
Collapse All
Strata Cloud Manager Docs
-
- Strata Copilot
- Command Center: Strata Cloud Manager
-
- Dashboard: Build a Custom Dashboard
- Dashboard: Executive Summary
-
- WildFire Dashboard: Filters
- WildFire Dashboard: Total Samples Submitted
- WildFire Dashboard: Analysis Insights
- WildFire Dashboard: Session Trends For Samples Submitted
- WildFire Dashboard: Verdict Distribution
- WildFire Dashboard: Top Applications Delivering Malicious Samples
- WildFire Dashboard: Top Users Impacted By Malicious Samples
- WildFire Dashboard: Top Malware Regions
- WildFire Dashboard: Top Firewalls
- Dashboard: DNS Security
- Dashboard: AI Runtime Security
- Dashboard: IoT Security
- Dashboard: Prisma Access
-
- Application Experience Dashboard: Mobile User Experience Card
- Application Experience Dashboard: Remote Site Experience Card
- Application Experience Dashboard: Experience Score Trends
- Application Experience Dashboard: Experience Score Across the Network
- Application Experience Dashboard: Global Distribution of Application Experience Scores
- Application Experience Dashboard: Experience Score for Top Monitored Sites
- Application Experience Dashboard: Experience Score for Top Monitored Apps
- Application Experience Dashboard: Application Performance Metrics
- Application Experience Dashboard: Network Performance Metrics
- Dashboard: Best Practices
- Dashboard: Compliance Summary
-
- Prisma SD-WAN Dashboard: Device to Controller Connectivity
- Prisma SD-WAN Dashboard: Applications
- Prisma SD-WAN Dashboard: Top Alerts by Priority
- Prisma SD-WAN Dashboard: Overall Link Quality
- Prisma SD-WAN Dashboard: Bandwidth Utilization
- Prisma SD-WAN Dashboard: Transaction Stats
- Prisma SD-WAN Dashboard: Predictive Analytics
- Dashboard: PAN-OS CVEs
- Dashboard: CDSS Adoption
- Dashboard: Feature Adoption
- Dashboard: On Demand BPA
- Manage: IoT Policy Recommendation
- Manage: Enterprise DLP
- Manage: SaaS Security
- Manage: Prisma Access Browser
- Reports: Strata Cloud Manager
-
-
- Strata Cloud Manager Release Information
-
- New Features in February 2025
- New Features in January 2025
- New Features in December 2024
- New Features in November 2024
- New Features in October 2024
- New Features in September 2024
- New Features in August 2024
- New Features in July 2024
- New Features in June 2024
- New Features in May 2024
- New Features in April 2024
- New Features in March 2024
- New Features in February 2024
- New Features in January 2024
- New Features in November 2023
- New Features in October 2023
- New Features in September 2023
- Known Issues
- Addressed Issues
- Getting Help
Pre-Change Policy Analysis
Describes the pre-change policy analysis.
Where Can I Use This? | What Do I Need? |
---|---|
|
|
The Security policy rule Pre-Change analysis performs the new intent satisfaction
analysis:
- New Intent Satisfaction Analysis—Checks whether the intent of a new Security policy rule is already covered by an existing rule.
Before
you begin:
- Go to ManageSecurity PosturePolicy AnalyzerPre-change Policy Analysis.
- At the top of the Policy Analyzer page, select Cloud Manager for Strata Cloud Manager managed deployments or select a Panorama instance for Panorama managed deployments containing the policy rules that you need to analyze.
- Start a Security Policy Analysis.
Perform
the following steps to start a new analysis:
- Enter Analysis Name and Analysis Description.Here’s an image showing the Panorama deployment:Here’s an image showing the Strata Cloud Manager deployment:On a Panorama appliance, device groups are hierarchical. There are four levels of device groups that you can create and you assign NGFWs to the device group at the lowest level of the hierarchy. The policy that you create at a higher level is then inherited by all the device groups under it. You can run the analysis for up to 10 device groups with NGFWs directly assigned to them, which allows you to analyze all the policy rules that are pushed to that set of directly assigned NGFWs.For Strata Cloud Manager managed deployments, folders are hierarchical. The leaf folder or the final folder containing the devices are shown.
- Select an existing Security policy set to analyze.
- Specify the type of analysis by selecting one or more analysis types:
- New Intent Satisfaction Analysis
Add New Security Rule Intent for analysis.Specify information about the new security rule, and AIOps for NGFW can check if existing rules cover the intent.Enter the values for the components of a security policy rule. The default value for the fields related to a security rule is “Any.”Save the settings.Review the summary of the new security rule intent.You can create up to 10 new security rules, or you can copy a rule and edit it. - Submit Analysis Request or Save As Draft to edit the rule later.View the status of an analysis on the Policy Analyzer page under Analysis Requests.You can cancel a rule whose status is in-progress and it will be shown as Canceled.After the analysis is complete, view the analysis report.