Analyze policies such as ACL and Firewall to pinpoint rules that conflict or will never be hit and identify full or partial redundancy.
Creating and updating policy configurations can be time-consuming and costly for Network Operations teams. Redundant or conflicting rules can cause confusion, performance issues, and security vulnerabilities.
Itential’s Policy Analyzer tool analyzes policies such as ACL and Firewall to pinpoint rules that conflict or will never be hit and can identify full or partial redundancy. Various Network Address Math functions are available through the API, and it also validates IPv4, IPv6, and MAC addresses. With all of these tools, building a concise and valid policy configuration becomes much easier.
Policy Analyzer Features
- IP and MAC Address Validation
Validate and normalize any IPv4 and/or IPv6 address(es). Validate MAC addresses and return valuable information like the owning organization, version, and individual address block.
- Network Address Math
A set of CIDR block functions, including collapsing a set of addresses, checking if a network contains a subnet, calculating all subnets for a network based on prefix length, and network validation.
- Policy Analysis
Maximize Firewall and ACL efficiency by analyzing a set of policy rules to identify redundancy, conflict, and partial redundancy, or to pinpoint rules that will never be hit.
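To make the categories above concrete, here is an added sketch of first-match rule analysis using only Python's standard `ipaddress` module. It is not Itential code and does not use the Policy Analyzer API; the `Rule` shape, the sample rules, and the mapping of outcomes onto the labels "shadowed", "redundant", "partial-redundancy" and "conflict" are assumptions made for illustration.

```python
# Added illustration, not Itential's implementation. Assumes first-match
# semantics and rules that match only on source and destination CIDR blocks.
from ipaddress import ip_network
from typing import NamedTuple

class Rule(NamedTuple):
    name: str
    action: str  # "permit" or "deny"
    src: str
    dst: str

def covers(outer: str, inner: str) -> bool:
    """True when every address in `inner` is also in `outer`."""
    o, i = ip_network(outer), ip_network(inner)  # raises ValueError if invalid
    return o.version == i.version and i.subnet_of(o)

def overlaps(a: str, b: str) -> bool:
    na, nb = ip_network(a), ip_network(b)
    return na.version == nb.version and na.overlaps(nb)

def analyze(rules):
    """Return (later_rule, earlier_rule, finding) for each interacting pair."""
    findings = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if not (overlaps(earlier.src, later.src)
                    and overlaps(earlier.dst, later.dst)):
                continue  # no packet can match both rules
            same = earlier.action == later.action
            if covers(earlier.src, later.src) and covers(earlier.dst, later.dst):
                # The earlier rule catches everything: the later one is never hit.
                kind = "redundant" if same else "shadowed"
            else:
                # Only part of the later rule's traffic is caught earlier.
                kind = "partial-redundancy" if same else "conflict"
            findings.append((later.name, earlier.name, kind))
    return findings

# Constructed sample policy (documentation and private ranges only).
SAMPLE_RULES = [
    Rule("r1", "deny",   "10.0.0.0/8",    "192.168.1.0/24"),
    Rule("r2", "permit", "10.1.0.0/16",   "192.168.1.0/24"),
    Rule("r3", "deny",   "10.2.0.0/16",   "192.168.1.128/25"),
    Rule("r4", "permit", "10.0.0.0/8",    "192.168.0.0/16"),
    Rule("r5", "permit", "2001:db8::/32", "2001:db8:1::/48"),
]

if __name__ == "__main__":
    for later, earlier, kind in analyze(SAMPLE_RULES):
        print(f"{later} vs {earlier}: {kind}")
```

A "conflict" here only means two overlapping rules disagree on action and deserve review; a narrow deny placed ahead of a broad permit is often intentional.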