Dissection

The Dissection operation creates a table of non-conflicting packet areas called slices. Each slice represents a set of packets to which the firewall applies the same actions. Further, each possible packet is present in exactly one slice. This removes ambiguity when trying to understand how a configuration will operate: once you find the slice containing the packet at issue, no more searching is needed, because the behavior of that slice is how the firewall would handle the packet.

Browsing

Combined with filtering, Dissection lets you interactively learn about a configuration and determine whether it is operating according to the guiding security policy. This is useful when you must quickly learn about new configurations, for example when you are new to an organization, when your organization must incorporate a set of devices (e.g. through a merger), or when you are a consultant or auditor working with a new customer.

Remediation

Dissection and filtering can also be useful for remediation. Say you are given a set of packets that are causing a problem, e.g. they are passing when they shouldn't be or they are not being appropriately processed, but you don't know which of the hundreds or thousands of lines in your configuration need to be changed to fix the problem. You can build a dissection report of the configuration, and then set up a filter to concentrate on how the problem packets are being handled. The dissection slices include references to the configuration lines that cause the action. This reduces the number of lines to examine to a handful, and at this point it is generally obvious what needs to be changed in the configuration.
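The slice table and the remediation filter described above can be illustrated with a small added example; it is not the product's code or algorithm. It assumes a first-match rule table with an implicit deny (reported as line 0), only two packet fields (source address and destination port), and constructed rules; all function names are hypothetical.

```python
import ipaddress
from itertools import product

# Constructed sample rule table (not from any real device). Assumed semantics:
# first matching rule wins; an implicit deny (reported as line 0) ends the table.
RULES = [  # (config line, action, source network, (dst port low, dst port high))
    (10, "deny",   "10.1.2.0/24", (22, 22)),
    (20, "permit", "10.1.0.0/16", (22, 22)),
    (30, "permit", "0.0.0.0/0",   (80, 443)),
    (40, "deny",   "10.1.0.0/16", (0, 65535)),
]

def _span(cidr):
    net = ipaddress.ip_network(cidr)
    return int(net.network_address), int(net.broadcast_address)

def _cuts(spans, lo, hi):
    """Split [lo, hi] into elementary intervals at every rule boundary."""
    pts = sorted({lo, hi + 1} | {p for a, b in spans for p in (a, b + 1)})
    return [(a, b - 1) for a, b in zip(pts, pts[1:])]

def dissect(rules):
    """Return disjoint slices (src_lo, src_hi, port_lo, port_hi, action, line)
    that together cover every (source address, destination port) pair."""
    parsed = [(ln, act, _span(src), ports) for ln, act, src, ports in rules]
    src_cuts = _cuts([p[2] for p in parsed], 0, 2**32 - 1)
    port_cuts = _cuts([p[3] for p in parsed], 0, 65535)
    slices = []
    for (s0, s1), (p0, p1) in product(src_cuts, port_cuts):
        # Each elementary cell lies wholly inside or outside every rule,
        # so testing its low corner decides the whole cell.
        hit = next(((ln, act) for ln, act, (a, b), (c, d) in parsed
                    if a <= s0 <= b and c <= p0 <= d), (0, "deny"))
        slices.append((s0, s1, p0, p1, hit[1], hit[0]))
    return slices

def lookup(slices, src, port):
    """Find the single slice holding a packet; returns (action, config line)."""
    ip = int(ipaddress.ip_address(src))
    found = [s for s in slices if s[0] <= ip <= s[1] and s[2] <= port <= s[3]]
    assert len(found) == 1  # the dissection invariant: exactly one slice
    return found[0][4], found[0][5]

def lines_for(slices, packets):
    """Remediation filter: config lines deciding a set of problem packets."""
    return sorted({lookup(slices, s, p)[1] for s, p in packets})
```

Because the slices are disjoint and cover the whole packet space, `lookup` never has to consider rule order again; shadowing (line 10 overriding line 20 for 10.1.2.0/24) is already resolved in the table.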

You can dissect rule tables of independent interfaces. Alternatively, you can use the cross interface calculation to compute a dissection of how packets are handled as they flow across pairs of interfaces.