Perform a policy consistency check
Policy Check allows you to check all firewall policies to ensure consistency and eliminate conflicts that may prevent your devices from passing traffic. The check will verify:
• Object Duplication: two objects that have identical definitions
• Object Shadowing: a higher priority object completely encompasses another object of the same type
• Object Overlap: one object partially overlaps another object of the same type
• Object Orphaning: an object has been defined but has not been used anywhere.
This allows you to optimize your policy sets and potentially reduce the size of your databases.
The Policy Check uses an algorithm to evaluate firewall policy objects, based on the following attributes:
• The source and destination interface policy objects,
• The source and destination address policy objects,
• The Service and Schedule policy objects.
To perform a policy check:
1. In the Policy & Objects tab, select Policy Check from the menu bar.
The Consistency Check dialog box opens.
2. Select Perform Policy consistency Check and click Apply.
A policy consistency check is performed and the results are displayed.
To view the results of the last policy consistency check:
1. In the Policy & Objects tab, select Policy Check from the menu bar.
The Consistency Check dialog box opens. See
Figure 119.
2. Select View Last Policy Consistency Check Results. Click Apply.
The Consistency Check window opens, showing the results of the last policy consistency check.