This help contains the following topics:
This feature allows the system to compare the filtering criteria of existing security policies and identify redundant policies for users to simplify the configuration. Redundant security policies do not take effect because no packets can match the policies. A security policy is considered redundant in the following conditions:
The security policy uses the same filtering criteria as a policy created earlier.
The security policy uses filtering criteria that are covered by a policy created earlier.
To avoid effect on the network, perform this task when the traffic load is light. As a best practice, perform redundancy analysis right after you complete configuring security policies.
The system performs redundancy analysis again automatically if a security policy is modified from the page.
This feature analyzes only enabled security policies.
This feature analyzes a maximum of 100 security policies at a time. If more than 100 security policies exist on the device, modify or delete the discovered redundant policies and then perform redundancy analysis again.
Redundancy analysis consumes CPU resources. As a best practice, perform redundancy analysis when the traffic load is light.
Click Policies > Security Policies > Redundancy Analysis.
Click Start to start a redundancy analysis.
Redundant security policies will be displayed in the list in the order these policies were created.
Modify or delete redundant security policies.
To modify a redundant policy, click the Edit icon for the policy.
To delete a redundant policy, select the policy, and then click Delete.