The Security policy rule Pre-Change analysis performs the new intent satisfaction
analysis:
New Intent Satisfaction
Analysis—Checks whether the intent of a new Security policy
rule is already covered by an existing rule.
Before
you begin:
Go to ManageSecurity PosturePolicy AnalyzerPre-change Policy Analysis.
At the top of the Policy Analyzer page, select the Panorama
instance containing the policy rules that you need to analyze.
Start a Security Policy Analysis.
Perform
the following steps to start a new analysis:
Enter Analysis Name and Analysis
Description.
On
a Panorama appliance, device groups are hierarchical. There are
four levels of device groups that you can create and you assign NGFWs
to the device group at the lowest level of the hierarchy. The policy
that you create at a higher level is then inherited by all the device
groups under it.
You can run the analysis for up to 10 device groups with NGFWs directly assigned to them, which
allows you to analyze all the policy rules that are pushed to that set of
directly assigned NGFWs.
Select an existing Security policy set to analyze.
You can select a maximum of 10 device groups per analysis.
Specify the type of analysis by selecting one or more
analysis types:
New Intent Satisfaction Analysis
Add
New Security Rule Intent for analysis.
Specify
information about the new security rule, and AIOps for NGFW can
check if existing rules cover the intent.