09-09-2021 08:44 AM
Hello -
I saw a post about this from 2012 and the answer was basically no.
Well, it's been nine years now and I'm hoping there is a way to view shadow rules without doing a commit.
09-09-2021 09:05 AM
I'm not sure within the NGFW GUI itself beyond policy optimizer (which I know isn't going to fulfill the exact thing you asked about), but I know for a fact expedition is able to show shadow rules and merge them. You can filter based off common fields, click analyze, and review the criteria you wish to replace/standardize.
So if you have 2 rules, one that is source 10.0.0.1 dest 1.1.1.1 port 443 and the second rule src 10.0.0.0/8 dest 1.1.1.1, 443 expedition will merge it into 1 rule and then you are able to remove the criteria you don't want to keep.
So in that way you can export the current config, clean it up in expedition, and then import it back in.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
