General

Use the General tab to set the following options.

General Fields

In this field...

Do this...

Comprehensive mode - analyze every service defined on the device (slow)

Select this option to specify that AFA should analyze all of the services defined on the device, and not only the ones relevant for risks.

Selecting this option results in more comprehensive information in the reports' Policy tab, particularly when comparing different reports.

Note: Use Comprehensive mode if you plan to use the report Compare feature. Compare needs the list of services allowed in all directions in order to calculate the differences in allowed/denied traffic between two reports. Also enable Comprehensive mode if you need a comprehensive list of all the allowed services for auditing reasons.

Note: Checking this option will result in longer analysis time and will require more disk space.

With IP address name lookups (slow)

Select this option to add the DNS name next to any IP address shown in a report, if a DNS name exists. This functionality requires the AFA machine to be connected to the network and configured to use a name server.

If you want analysis to run faster, clear this option.

Include traffic changes analysis in Change History (slow)

Select this option to specify that the Changes report page should include the calculated changes in allowed traffic (in addition to its regular content).

If you want analysis to run faster, clear this option.

Timed rules: only apply rules active at analysis time

Select this option to specify that time-dependent rules should only be applied if they are active when AFA analysis is performed. This is relevant to policy optimization criteria.

Use public key authentication in data collection

Select this option to use public key authentication in SSH connections to Check Point management, Juniper Netscreen devices, or NSMs.

Note: When this option is enabled, the password defined for the device(s) in AFA must be the local private key passphrase.

Simulation timeout (seconds)

Type the maximum amount of time in seconds that a traffic simulation query can run.

Data collection timeout (seconds)

Type the amount of time in seconds that the device analyzer should wait for the device to respond before aborting communication.

If you encounter timeout problems, increase this value.

Days before expiration alerts

Type the number of days before a device rule or VPN user expires that AFA should consider the rule/user as about to expire. This is relevant for policy optimization and for users who are configured to receive such notifications.

Report rules whose comment field...

Complete this field to find rules whose comments match a regular expression, or rules whose comments do not match a regular expression. Select the desired operator in the drop-down menu and type a regular expression describing the format for the rule comment.

For example, if you select does not match, and then type a regular expression that defines the required format of a rule comment, you can detect non-compliant rule comments. For more details, see the POLICY OPTIMIZATION page.

Click on the Details button for more information and examples of regular expressions.

If this field is left empty, rule comment detection will be disabled.
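The following is an added example, not AlgoSec code or output: it prototypes a rule-comment expression offline against sample comments before it is typed into the field, and shows why an unanchored pattern under-reports with the does not match operator. Assumptions: Python `re` syntax and match-anywhere semantics stand in for AFA's regex engine (check the Details button for the actual dialect), and the comment convention, pattern names and `report_rules` function are hypothetical.

```python
import re

# Constructed sample (rule name, comment) pairs; not from any real device.
SAMPLE_RULES = [
    ("rule-1", "CHG-10482 | owner:netops | exp:2025-12-31"),
    ("rule-2", "temp rule for vendor, see CHG-10482"),
    ("rule-3", ""),
    ("rule-4", "chg-77 | owner:dba | exp:2024-06-30"),
    ("rule-5", "CHG-20011 | owner:secops | exp:never"),
]

# Hypothetical comment convention: change ticket | owner | expiry date.
LOOSE = r"CHG-\d+"  # unanchored: a comment that merely mentions a ticket passes
STRICT = r"^CHG-\d{4,6} \| owner:[a-z]+ \| exp:\d{4}-\d{2}-\d{2}$"
TEMPORARY = r"(?i)\b(temp|temporary|test)\b"  # intended for the "matches" operator


def report_rules(rules, operator, pattern):
    """Return the names of rules the chosen operator and pattern would report.

    An empty pattern disables detection, as the page states for an empty field.
    Assumption: the pattern may match anywhere in the comment (search semantics).
    """
    if not pattern:
        return []
    if operator not in ("matches", "does not match"):
        raise ValueError("operator must be 'matches' or 'does not match'")
    rx = re.compile(pattern)
    want_hit = operator == "matches"
    return [name for name, comment in rules
            if bool(rx.search(comment)) == want_hit]


if __name__ == "__main__":
    checks = [
        ("loose, does not match", "does not match", LOOSE),
        ("strict, does not match", "does not match", STRICT),
        ("temporary, matches", "matches", TEMPORARY),
        ("empty field", "does not match", ""),
    ]
    for label, op, pat in checks:
        print(f"{label:24} -> {report_rules(SAMPLE_RULES, op, pat)}")
```

With the loose pattern, rule-2 and rule-5 pass as compliant even though neither follows the convention; anchoring both ends and spelling out every field closes that gap.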

Run device analysis

Select Only if the policy/topology changed to specify that if a policy is detected as unchanged during a scheduled analysis, then AFA should not run a full report, but instead create an unchanged report that links to the last report for the policy.

Select Always to specify that AFA will always run a full analysis, regardless of whether the policy has changed or not.

Note: Selecting the Always option will result in longer analysis time and will require more disk space.