Limitations of real-time Policy Analyzer and Optimizer

These are the limitations to consider when using the real-time Policy Analyzer and Optimizer feature:

• Bulk operations: Adding rules in bulk using APIs is not supported.

• Rule type specificity: Conflict detection is available only for access control rule types.

• Workflow enabled: Real-time Policy Analyzer and Optimizer is skipped if a workflow is enabled for rule management.

• Stale policy cache: Anomaly detection is skipped if another user has uncommitted changes. To proceed with real-time anomaly detection, users must first deploy or cancel pending changes, if any.

• Device overrides: Conflict detection considers only the primary value assigned to all object types when adding or modifying rules, and does not consider object overrides.

• Disabled rules: Disabled rules are excluded from conflict detection and do not appear as conflicts for other rules.