Analysis, Remediation, and Reporting

The Policy Analyzer and Optimizer performs these services: analysis, remediation, and reporting.

Analysis

The Policy Analyzer and Optimizer polls cloud-delivered Firewall Management Center and on-prem management center for policies and displays them on the Policy Analyzer and Optimizer page. To open the Policy Analyzer and Optimizer page, navigate Tools & Services > Firewall Management Center, select Cloud-delivered FMC or any on-prem management center, and choose Policy Analyzer and Optimizer from the right pane. Alternatively, on the CDO left pane, choose Insights > Policy Analyzer and Optimizer. Choose Cloud-delivered FMC or any on-prem management center from the Showing policy for tab on the top-left corner.

When you have created a new access control policy or imported a policy, it will take a while for the Policy Analyzer and Optimizer to identify it, after which you can manaually trigger the policy analysis. You can also wait for the auto-analysis that occurs every 24 hours. When the analysis is done, Policy Analyzer and Optimizer provides insights on the number of rules in the policy, the percentage of the policy that can be optimized, and a detailed summary that contains information such as Rule Health Summary, Rule Last Usage, Rule Hits & Dead Rules, and so on.

Note

The Optimizable percentage under Observations column is an approximation of how many rules in the policies can be optimized if the suggested remediations are applied.

Remediation

The policy analysis summary describes the health of your security policy and lets you choose which remediations suggested by the Policy Analyzer and Optimizer you want to apply to your policies. Using the suggested remediations, you could either disable or delete Duplicate Rules, Overlapping Objects, Expired Rules and merge rules that have similar allow and block settings, which can be merged into a single rule. The hit count data is listed under the Policy Insights tab. You can Apply Remediation to make the chosen remediations get applied to your policies.

Reporting

A detailed report is available for an analyzed policy. After remediation is applied on a policy, a remediation report becomes available. This report contains a consolidated list of the policy anomalies that existed and the remediations that were applied and can be downloaded as a PDF.