How real-time Policy Analyzer and Optimizer works
Anomalies are detected and reported only for the rule currently being created or edited, so existing rules are not flagged independently unless changes are made to them.
When you add or edit a rule, Cloud-Delivered Firewall Management Center checks for conflicts (shadowing or redundancy) based on the position of that rule:
- Adding a rule after existing rules: A new rule can be shadowed by rules that are already placed above it in the policy.
- Adding a rule in the middle: A new rule can be shadowed by the rules above it and may also make the rules positioned below it redundant.
- Adding a rule at the beginning: A new rule can make the rules positioned below it redundant.
Note: When editing a rule, if changes introduce new anomalies, they will be reported, and the conflict type will be determined based on the edited rule's position.
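The position-based check described above, sketched in Python as an added illustration (not Cisco's implementation and not code from this page). It assumes a simplified model in which one rule covers another when its source network, destination network and port set contain the other's; `Rule`, `covers` and `check_edit` are hypothetical names, and the policy is constructed sample data.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    src: str           # source CIDR
    dst: str           # destination CIDR
    ports: frozenset   # destination ports; empty set means "any"
    action: str        # carried for reporting only in this model

def covers(a: Rule, b: Rule) -> bool:
    """True if every packet matched by b is also matched by a (assumed model)."""
    nets_ok = (ip_network(b.src).subnet_of(ip_network(a.src))
               and ip_network(b.dst).subnet_of(ip_network(a.dst)))
    ports_ok = not a.ports or (bool(b.ports) and b.ports <= a.ports)
    return nets_ok and ports_ok

def check_edit(policy: list, new: Rule, position: int) -> dict:
    """Report anomalies only for the rule being added at `position`.

    Rules above it can shadow it; rules below it can be made redundant
    by it. Existing rules are never compared with each other.
    """
    above, below = policy[:position], policy[position:]
    return {
        "shadowed_by": [r.name for r in above if covers(r, new)],
        "makes_redundant": [r.name for r in below if covers(new, r)],
    }

# Constructed sample policy, evaluated top-down.
POLICY = [
    Rule("allow-corp", "10.0.0.0/8", "192.0.2.0/24", frozenset(), "allow"),
    Rule("allow-ssh-admin", "10.1.2.0/24", "192.0.2.10/32", frozenset({22}), "allow"),
    Rule("block-all", "0.0.0.0/0", "0.0.0.0/0", frozenset(), "block"),
]
# Constructed rule being added: narrower than allow-corp, wider than allow-ssh-admin.
NEW = Rule("allow-mgmt", "10.1.0.0/16", "192.0.2.0/24", frozenset({22, 443}), "allow")

if __name__ == "__main__":
    for pos, label in ((0, "beginning"), (1, "middle"), (len(POLICY), "end")):
        print(f"{label}: {check_edit(POLICY, NEW, pos)}")
```

The same rule produces a different report at each position, which is why the conflict type follows the rule's placement rather than its contents alone.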