Network Policy Analyzer

Analyze policies such as ACL and Firewall to pinpoint rules that conflict or will never be hit and identify full or partial redundancy.
Screenshot of Policy Analyzer

Creating and updating policy configurations can be time consuming and costly to Network Operations teams. Redundant or conflicting rules can cause confusion, performance issues, and security vulnerabilities.

Itential’s Policy Analyzer tool analyzes policies such as ACL and Firewall to pinpoint rules that conflict or will never be hit and can identify full or partial redundancy. Various Network Address Math functions are available through the API and it also validates ipv4, ipv6, and MAC addresses. With all of these tools, building a concise and valid policy configuration becomes much easier.

Policy Analyzer Features

Reduce network configuration problems due to complexity and human error. Ensure common network mistakes are avoided, and network ACL policies are in correct.

IP and MAC Address Validation


Validate and normalize any ipv4 and/or ipv6 address(es). Validate MAC addresses and return valuable information like the owning organization, version, and individual address block.

Network Address Math


A set of CIDR block functions, including collapsing a set of addresses, checking if a network contains a subnet, calculating all subnets for a network based on prefix length, and network validation.

Policy Analysis


Maximize Firewall and ACL efficiency by analyzing a set of policy rules to determine issues of redundancy, conflict, partial redundancy, or pinpoint rules that will never be hit.

Try Policy Analyzer