Firewall Analyzer - Rule Reorder - FAQ

1. What is the 'Rule Reorder' report? Which metrics are used to generate it?

The Rule Reorder report in the Firewall Analyzer Compliance tab suggests a reordering of rules for better firewall performance.

  1. Rule hit count (rule usage) and individual rule complexity are used to reorder the rules of a firewall device.
  2. If the rules are reordered as Firewall Analyzer suggests, the performance of the firewall device improves.
  3. The policy reorder process is resource intensive, so it is run on demand only.

2. What is unresolved data? How do I resolve the data to generate the 'Rule Reorder' report?

When the Rule Reorder report is generated, Firewall Analyzer processes all the rules, finds the unresolved data in the rule source, destination, service and application objects, and prompts the user to resolve it.

  • If it is a network object, the user can assign the IP address or range.
  • If it is a service or application object, the user can assign the protocol and port.

After resolving all the objects, the user has to update. On update, the resolved data is applied to the rules.

The user can resolve those objects or skip them. If the user skips the unresolved data, the rules associated with those objects are not taken into account in the reorder process.
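The following is an added illustration of the two ideas above (hit-count/complexity driven reordering, and skipping rules whose objects are unresolved). It is not Firewall Analyzer's own code and does not reproduce its exact algorithm: the rule base, object tables, hit counts and the complexity metric are constructed, and the constraint that a rule is never moved ahead of an overlapping rule with a different action is an assumption added here so that a first-match firewall keeps deciding every packet the same way after the reorder.

```python
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    action: str      # "allow" or "deny"; the first matching rule wins
    src: str         # network-object name, looked up in NETWORKS
    dst: str         # network-object name, looked up in NETWORKS
    service: str     # service-object name, looked up in SERVICES
    hits: int        # hit count taken from log analysis (constructed here)


# Constructed object tables. A value of None stands for an unresolved object
# that the operator has not yet assigned an address or protocol/port to.
NETWORKS = {
    "any": "0.0.0.0/0",
    "corp": "10.0.0.0/8",
    "dmz": "192.168.10.0/24",
    "partner": None,          # unresolved network object
}
SERVICES = {
    "any": ("any", 0),        # protocol "any" / port 0 mean "all"
    "http": ("tcp", 80),
    "https": ("tcp", 443),
    "legacy-app": None,       # unresolved service object
}

# Constructed sample rule base, listed in the firewall's current order.
RULES = [
    Rule("deny-dmz-http", "deny", "any", "dmz", "http", hits=5),
    Rule("allow-corp-web", "allow", "corp", "any", "https", hits=900),
    Rule("allow-corp-dmz-http", "allow", "corp", "dmz", "http", hits=300),
    Rule("allow-partner", "allow", "partner", "dmz", "https", hits=50),
    Rule("deny-all", "deny", "any", "any", "any", hits=10000),
]


def is_resolved(rule, networks=NETWORKS, services=SERVICES):
    """A rule takes part in the reorder only if every object it references is resolved."""
    return (networks.get(rule.src) is not None
            and networks.get(rule.dst) is not None
            and services.get(rule.service) is not None)


def _services_overlap(a, b):
    (proto_a, port_a), (proto_b, port_b) = a, b
    proto_ok = proto_a == proto_b or "any" in (proto_a, proto_b)
    port_ok = port_a == port_b or 0 in (port_a, port_b)
    return proto_ok and port_ok


def overlaps(a, b, networks=NETWORKS, services=SERVICES):
    """True if some packet could match both rules (their match spaces intersect)."""
    return (ip_network(networks[a.src]).overlaps(ip_network(networks[b.src]))
            and ip_network(networks[a.dst]).overlaps(ip_network(networks[b.dst]))
            and _services_overlap(services[a.service], services[b.service]))


def complexity(rule):
    """Assumed complexity metric: number of match fields that are not 'any'."""
    return sum(1 for field in (rule.src, rule.dst, rule.service) if field != "any")


def reorder(rules, networks=NETWORKS, services=SERVICES):
    """Return (suggested_order, skipped_rules).

    Rules are pulled forward by hit count (ties broken by lower complexity), but
    a rule is never moved ahead of an earlier rule that overlaps it with a
    different action, so the first-match decision for every packet is unchanged.
    """
    remaining = [r for r in rules if is_resolved(r, networks, services)]
    skipped = [r for r in rules if not is_resolved(r, networks, services)]
    ordered = []
    while remaining:
        best = None
        for i, cand in enumerate(remaining):
            # An earlier rule with a different action that overlaps this one pins it in place.
            blocked = any(prev.action != cand.action and overlaps(prev, cand, networks, services)
                          for prev in remaining[:i])
            if blocked:
                continue
            if best is None or (-cand.hits, complexity(cand)) < (-best.hits, complexity(best)):
                best = cand
        ordered.append(best)       # the first remaining rule is always eligible, so best is set
        remaining.remove(best)
    return ordered, skipped


if __name__ == "__main__":
    order, skipped = reorder(RULES)
    print("suggested order:", [r.name for r in order])
    print("skipped (unresolved objects):", [r.name for r in skipped])
```

On the constructed rule base, `allow-corp-web` moves to the top because it has many hits and overlaps nothing with a different action, while `deny-all` stays last despite the highest hit count: moving it up would shadow the allow rules it overlaps. The rule that references the unresolved `partner` object is reported as skipped, matching the behaviour described above for unresolved data.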

3. Does Firewall Analyzer push the reorder changes to the firewall?

No. Firewall Analyzer only recommends changing the order of rules to improve performance. You have to make the changes on the firewall yourself.

4. How do I regenerate the 'Rule Reorder' report?

The policy reorder reports are specific to a firewall device, so select a particular device and click the Refresh link to regenerate the reorder report.
