Login
- Table of Contents
-
- 04-Policies
- 01-Security policy
- 02-Security policy redundancy analysis
- 03-Security policy hit analysis
- 04-Security policy optimization
- 05-Attack defense
- 06-Risk analysis
- 07-Blacklist
- 08-Connection limit
- 09-uRPF
- 10-IPCAR
- 11-IP reputation
- 12-Domain reputation
- 13-Application audit
- 14-Bandwidth management
- 15-Server connection detection
- 16-Application proxy
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 03-Security policy hit analysis | 21.45 KB |
Security policy hit analysis
Introduction
The Policy Hit Analysis page displays security policies that have not matched any packets in the policy creation order. Policies created first come first in the list.
A security policy is not hit if either of the following conditions exists:
· No packets match the filtering criteria specified for the policy.
· The policy is redundant because another security policy with less strict filtering criteria were created earlier than the policy.
Restrictions and guidelines
Match counting or statistics collection must be enabled for security policies for the system to perform policy hit analysis.
Perform policy hit analysis
1. Select Policies > Security Policies > Policy Hit Analysis.
2. View, modify, or delete security policies that have not matched any packets.
Table 1 Policy hit analysis configuration items
|
Item |
Description |
|
Time range |
Select a time range for the analysis from the menu at the top right corner. Options include: · Today. · Last 3 days. · Last 7 days. · Last 30 days. · Last 3 months. · Last 6 months. · Last 12 months. · Last 3 years. |
|
Edit |
To modify a security policy, click the Edit icon for the policy. |
|
Delete |
To delete a security policy, select the policy and then click Delete. |
3. After policy modification or deletion, click Activate to have the security policy configurations take effect immediately.
