Security policy redundancy analysis

This help contains the following topics:

·     Introduction

·     Restrictions and guidelines

·     Perform redundancy analysis

Introduction

This feature allows the system to compare the filtering criteria of existing security policies and discover redundant policies for users to simplify the configuration. Redundant security policies do not take effect because no packets can match the policies. A security policy is considered redundant in the following conditions:

·     Two security policies have the same filtering criteria and the policy created later is considered redundant.

·     The filtering criteria of a security policy contain the filtering criteria of a security policy created later. The security policy created later is considered redundant.

To avoid effect on the network, perform this task when the traffic load is light. As a best practice, perform redundancy analysis right after you complete configuring security policies.

The system performs redundancy analysis again automatically if a security policy is modified from the page.

Restrictions and guidelines

·     This feature analyzes only enabled security policies.

·     This feature analyzes a maximum of 100 security policies at a time. If more than 100 security policies exist on the device, modify or delete the discovered redundant policies and then perform redundancy analysis again.

·     Redundancy analysis consumes CPU resources. As a best practice, perform redundancy analysis when the traffic load is light.

Perform redundancy analysis

1.     Click Policies > Security Policies > Redundancy Analysis.

2.     Click Start to start a redundancy analysis.

Redundant security policies will be displayed in the list in the order these policies were created.

3.     Modify or delete redundant security policies.

¡     To modify a redundant policy, click the Edit icon for the policy.

¡     To delete a redundant policy, select the policy, and then click Delete.