Validating policies

You can automatically validate the policy while editing and during policy installation.

The number of rules in a policy can grow large over time, which makes configuration errors in the policy difficult to notice. To make policy management easier and to make sure that the policy does not contain misconfigured rules, you can automatically validate the policy while editing and during policy installation. You can select different criteria for validating the policy. For example, you can check the policy for duplicate and empty rules, or check whether there are rules that cannot match traffic.

Additionally, the engines automatically count how many times each Access rule has matched. Engines also count the number of matches to NAT rules. You can run an analysis over a selected time frame in the policy editing view to display rule counter hits for each rule (in the Hits cell). Rule analysis allows you to find otherwise valid rules that are unnecessary because they match traffic that does not appear in your networks.
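The validation criteria and the hit-counter analysis described above can be illustrated with the following added example, which is not the product's own validation code. It assumes a simplified rule model (hypothetical `Rule` fields, IPv4 CIDR networks, TCP ports), treats a rule with an empty matching cell as "empty", and only detects a rule that is fully covered by a single earlier rule.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:
    tag: str            # hypothetical rule identifier
    src: tuple          # source networks as CIDR strings
    dst: tuple          # destination networks as CIDR strings
    ports: frozenset    # TCP destination ports
    hits: int           # matches counted over the analysis time frame

def covers(outer, inner):
    """True if every network in inner lies inside some network in outer."""
    return all(any(ip_network(i).subnet_of(ip_network(o)) for o in outer) for i in inner)

def shadows(earlier, later):
    """True if earlier matches everything later could match (first match wins)."""
    return (covers(earlier.src, later.src) and covers(earlier.dst, later.dst)
            and later.ports <= earlier.ports)

def validate(rules):
    findings = []
    for idx, r in enumerate(rules):
        if not (r.src and r.dst and r.ports):      # an empty cell never matches
            findings.append((r.tag, "empty"))
            continue
        prior = [p for p in rules[:idx] if p.src and p.dst and p.ports]
        cells = (r.src, r.dst, r.ports)
        if any((p.src, p.dst, p.ports) == cells for p in prior):
            findings.append((r.tag, "duplicate"))
        elif any(shadows(p, r) for p in prior):    # cannot match traffic
            findings.append((r.tag, "unreachable"))
        elif r.hits == 0:                          # valid but unused in this period
            findings.append((r.tag, "no hits"))
    return findings

# Constructed sample policy, evaluated top-down.
SAMPLE = [
    Rule("R1", ("10.0.0.0/8",), ("192.0.2.0/24",), frozenset({443}), 1200),
    Rule("R2", ("10.1.0.0/16",), ("192.0.2.10/32",), frozenset({443}), 0),
    Rule("R3", ("10.0.0.0/8",), ("192.0.2.0/24",), frozenset({443}), 0),
    Rule("R4", (), ("192.0.2.0/24",), frozenset({25}), 0),
    Rule("R5", ("10.0.0.0/8",), ("198.51.100.0/24",), frozenset({22}), 0),
    Rule("R6", ("172.16.0.0/12",), ("192.0.2.0/24",), frozenset({80}), 40),
]

if __name__ == "__main__":
    for tag, issue in validate(SAMPLE):
        print(tag, issue)
```

R5 is the case that only the hit counters reveal: it passes every structural check but matched no traffic in the analyzed period.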