In this video, we’ll review the Rule Decommissioning Workflow. A typical scenario for this workflow is that as your security policy evolves, rules can become fully shadowed, redundant or unused, resulting in no hits.
Unused rules increase maintenance complexity and may have an impact on the attack surface. However, firewall administrators tend to avoid manual rule removal, as this action is considered complex and risky.
Fortunately, you can safely clear the clutter, reduce complexity, and eliminate risk using the Rule Decommissioning Workflow. Let’s see how it’s done.
Start off by using the SecureTrack policy browser to search for the relevant rules.
In this example, we’ll run a query to search for all rules that have been decertified. In the query results displayed, you can see that the certification status is decertified.
Now select the rules you want to decommission and click “Add to ticket”.
Then, click “View cart”, select whether to disable rules or remove rules, and add a name to the ticket.
Click “Continue” and a new ticket is opened in SecureChange.
Submit the ticket.
In SecureChange, review and approve the ticket. Then use Designer to design policy changes.
Review the Designer recommendations.
Click “Update devices” to go ahead and provision the policy changes.
Then verify the changes using “Verifier”. Verifier indicates that the rule was successfully disabled.
And we’re done.
To summarize, the Rule Decommissioning Workflow helps you clear clutter, reduce complexity, and eliminate risk by identifying redundant rules and allowing you to disable or remove them in a controlled manner.
Thank you for watching.