Pre-Change Policy Analysis

1. Enter Analysis Name and Analysis Description.

   Here’s an image showing the Panorama deployment:

   Here’s an image showing the Strata Cloud Manager deployment:

   On a Panorama appliance, device groups are hierarchical. There are four levels of device groups that you can create and you assign NGFWs to the device group at the lowest level of the hierarchy. The policy that you create at a higher level is then inherited by all the device groups under it. You can run the analysis for up to 10 device groups with NGFWs directly assigned to them, which allows you to analyze all the policy rules that are pushed to that set of directly assigned NGFWs.

   For Strata Cloud Manager managed deployments, folders are hierarchical. The leaf folder or the final folder containing the devices are shown.
2. Select an existing Security policy set to analyze.
3. Specify the type of analysis by selecting one or more analysis types:

   • New Intent Satisfaction Analysis

   Add New Security Rule Intent for analysis.

   Specify information about the new security rule, and AIOps for NGFW can check if existing rules cover the intent.

   Enter the values for the components of a security policy rule. The default value for the fields related to a security rule is “Any.”

   Save the settings.

   Review the summary of the new security rule intent.

   You can create up to 10 new security rules, or you can copy a rule and edit it.
4. Submit Analysis Request or Save As Draft to edit the rule later.

   View the status of an analysis on the Policy Analyzer page under Analysis Requests.

   You can cancel a rule whose status is in-progress and it will be shown as Canceled.

   After the analysis is complete, view the analysis report.