The Policy Evaluator in Cloud Control Center (CCC) version 16.2+ allows administrators to quickly determine and verify the policy actions applied to traffic from a specified source device to a destination Policy Group over a selected protocol. The tool shows how policies behave between defined sources and destinations, which supports troubleshooting, auditing, and policy refinement.
Accessing the Policy Evaluator
The Policy Evaluator is available under the Tools and Utilities section of the CCC dashboard. Navigate there and select Policy Evaluator.
The interface guides you through the inputs needed for a policy evaluation, such as selecting a Source and a Destination Policy Group (PG), defining the Policy Set, and choosing the Protocol and Port.
How to Use the Policy Evaluator
1. Specify the Source and Destination
The source can be a Policy Group, a MAC address, or an IP address of a device. Policy Groups are chosen from a list, while MAC and IP addresses become searchable after you type at least two characters. In this example, the Desktop Laptop Computers Policy Group is selected as the source.
Choose the destination Policy Group to which the traffic is directed. Here, Printers and Multifunction Devices is selected as the destination.
2. Specify the Policy Set
Select the Policy Set that includes the policies governing traffic between the chosen source and destination. In the example, the Default Policy Set is selected.
3. Protocol and Port Selection
Choose the Protocol and, if applicable, specify the Port. The available protocols are TCP, UDP, and ICMP. In this case, TCP on port 22 (commonly used for SSH) is chosen.
4. Run the Policy Evaluation
After entering all relevant criteria (source, destination, policy set, protocol, and port), click Run to perform the policy evaluation.
5. Evaluation Results
Once the evaluation is complete, the tool provides a visualization of the path from source to destination, showing how traffic is managed across policy groups and virtual edges. In this example, the Default Policy Set denies traffic from Desktop Laptop Computers to Printers and Multifunction Devices on TCP port 22.
Benefits of the Policy Evaluator
The Policy Evaluator offers several advantages:
- Quick validation of policies without needing live traffic testing.
- Detailed visualization of traffic flow through the network, aiding in troubleshooting.
- Scenario testing by altering source, destination, and protocol inputs, ensuring accurate policy implementation.