Identify the tools to optimize security policies. Palo Alto Networks PCNSA Study Guide v10
The Policy Optimizer helps to identify port-based rules that can be converted to App-ID-based rules for better visibility and security. It also calls out App-ID rules with unused applications (over-provisioned). Application-based rules increase security by allowing only the applications you want and by limiting them to the ports they normally use, which prevents evasion over non-standard ports.
To find port-based rules, use the No App Specified option under Policy Optimizer. The Compare option can then show you the application usage seen for those rules.
You can add the discovered App-IDs to policy using one of the four options at the bottom of the Application & Usage window.
- Create Cloned Rule: Creates a duplicate of the rule being examined with the application added.
- Add to This Rule: Adds the application to the existing rule.
- Add to Existing Rule: Adds the application to another existing rule.
- Match Usage: Replaces the policy with a new App-ID-based rule.
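The checks the Policy Optimizer performs can be reproduced offline against a rulebase and its observed application usage. The following script is an added example written for this guide, not code from Palo Alto Networks or the PAN-OS API: the rulebase and the "seen applications" per rule are constructed sample data, the `Rule` class and its fields are assumptions, and the service value `application-default` is used as the PAN-OS setting that limits an application to its standard ports. It flags rules with no application specified (the "No App Specified" view), reports over-provisioned App-ID rules whose configured applications never matched traffic, and builds the App-ID-based replacement that "Match Usage" would produce.

```python
from dataclasses import dataclass, field


@dataclass
class Rule:
    """Constructed model of a security rule (assumption, not the PAN-OS schema)."""
    name: str
    applications: set            # {"any"} means no application specified
    services: set                # e.g. {"service-http"} or {"application-default"}
    # Applications actually observed matching this rule (constructed usage data)
    seen_applications: set = field(default_factory=set)


# Constructed sample rulebase; not exported from a real firewall.
RULES = [
    # Port-based rule: allows TCP/80 and TCP/443 for any application.
    Rule("allow-web", {"any"}, {"service-http", "service-https"},
         {"web-browsing", "ssl", "dropbox"}),
    # App-ID rule that is used exactly as written.
    Rule("allow-dns", {"dns"}, {"application-default"}, {"dns"}),
    # Over-provisioned App-ID rule: two of four apps never matched traffic.
    Rule("allow-collab", {"zoom", "slack", "webex", "ms-teams"},
         {"application-default"}, {"zoom", "slack"}),
]


def port_based_rules(rules):
    """Names of rules with no application specified (candidates for App-ID conversion)."""
    return [r.name for r in rules if r.applications == {"any"}]


def over_provisioned(rules):
    """Map App-ID rule name -> configured applications that never matched traffic."""
    report = {}
    for r in rules:
        if r.applications == {"any"}:
            continue  # port-based rules are handled by port_based_rules()
        unused = r.applications - r.seen_applications
        if unused:
            report[r.name] = sorted(unused)
    return report


def unexpected_usage(rule):
    """Applications seen on a port-based rule that the administrator may not intend.

    On a port-based rule everything on the opened ports is permitted, so the
    observed set is the real allow list; reviewing it before conversion is the
    point of the Compare view.
    """
    return sorted(rule.seen_applications) if rule.applications == {"any"} else []


def match_usage(rule):
    """Build the App-ID-based replacement rule: allow only the applications seen,
    pinned to their standard ports via application-default."""
    return Rule(rule.name,
                set(rule.seen_applications),
                {"application-default"},
                set(rule.seen_applications))


if __name__ == "__main__":
    print("No App Specified:", port_based_rules(RULES))
    print("Over-provisioned:", over_provisioned(RULES))
    for r in RULES:
        if r.applications == {"any"}:
            print(f"{r.name} actually carried:", unexpected_usage(r))
            print("Match Usage would create:", match_usage(r))
```

Running the block shows why the review step matters: the port-based `allow-web` rule turns out to carry `dropbox` as well as web browsing, so "Match Usage" applied blindly would codify that into the new App-ID rule, while "Add to This Rule" or a cloned rule lets you choose which of the observed applications to keep.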