Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Creating Policy Analysis Report Definitions

Use the Reports page to create policy analysis report definitions. Policy analysis reports help you to analyze the firewall rule base for policies managed by Security Director. These reports also identify the firewall rules that contain issues.

Before You Begin

Configuring Policy Analysis Report Definitions

To configure a policy analysis report definition:

  1. Select Reports > Report Definitions.
  2. Click Create and then select Policy Analysis Report Definition.
  3. Complete the configuration according to the guidelines provided in the Table 1.
  4. Click OK to save the report definition.
  5. Click Preview as PDF to review the configuration.
  6. Click Send Report Now to send the report through e‐mail to the recipient immediately.

A new policy analysis report definition with the defined configurations is created. You can use the created policy definition to identify the issues with the firewall rules.

Table 1: Policy Analysis Report Definition Settings

Settings

Guidelines

General Information

Report Name

Enter a unique name for the report definition that is a string of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed and the maximum length is 29 characters.

Description

Enter a description for the report definition; maximum length is 1024 characters.

Content

Anomalies

Select the anomaly type that you want to include in the report:

  • Shadowed—Select this option to identify any shadowed rules. A rule is shadowed when all the packets of a previous rule match with the current rule. By selecting this option, the shadowed rules are not evaluated.

  • Redundant—Select this option to identify redundant or duplicate rules. A redundant rule performs the same action on the same packets as another rule. The security policy is not affected by removing the redundant rules.

  • Expired Scheduler—Select this option to identify rules with an expired schedule.

  • Logging Disabled—Select this option to identify rules that have predefined policy profile with all the logging functionality disabled.

  • Unused Rules—Select this option to identify any unused rules.

Note:

By default the report is generated for all types of anomalies.

TimeSpan for unused rules

Select time period for which you want to generate the report for unused rules. Default value is Last day.

Note:

This field is displayed only when you select Unused Rules option for Anomalies.

Policy Type

Select a firewall policy type based on which you want to create a policy analysis report definition:

  • Standard—The policy analysis report definitions are created based on standard firewall policies.

  • Unified—The policy analysis report definitions are created based on unified firewall policies.

Firewall Policy

Select the firewall policy filter to be added by selecting the policy name from the list.

Schedule

Add Schedule

Click Add Schedule.

Select the type of report schedule that you want to use:

  • Run now—Select this option to schedule and publish the configuration at the current time.

  • Schedule at a later time–Select this option if you want to schedule and publish the configuration at a later time.

Select the recurring schedule for report generation. The available options are:

  • Repeat—Select this option to generate the report on an hourly, daily, weekly, monthly, or yearly basis.

  • Every—Select the number of days, weeks, or months for which the recurring report will be generated.

  • Ends—Select the end date and end time for the report.

Email

Email Recipients

Click Add Email Recipients

  • Recipients—Enter or select the e‐mail addresses of the recipients. By default, you can search by first name and select registered users. You can also type in external email addresses.

  • Subject—Enter the subject for the e‐mail notification.

  • Comment—Enter the comments for the e‐mail notification.

Note:

The reports are not sent if a specified recipient does not have permission for a device or domain included in the report configuration when the report is generated.