Expressions
The main expression tab shows a list of currently defined expressions. The tool bar contains a number of icons that represent actions to perform on these expressions.
- creates a new expression with a default name. Double click the expression to rename it.
- deletes expressions. First select an expression to delete.
- invokes the structured editor in a pop up window. This is how you can edit expressions. If you select multiple expressions a structured editor window is displayed for each one.
- performs Policy Validation using the selected expression on a security device configuration. The details of this operation are described in the Using Expressions section below.
- The next button toggles to control how the list of expressions is displayed. If it is
  the expression names and descriptions are displayed. If it is
  only the expression names are displayed.
Using Expressions
To perform Policy Validation, select the Expressions tab. From that tab, select the set of expressions you want to use as constraints against a configuration. Then click
. A dialog box will appear.

Enter the path to the file containing the configuration, or use the "Browse" button to browse the file system and select the file. Set the device family in the "Family" drop down. You must set the proper version in the "Version" area or enable "Autodetect", which attempts to determine the version automatically. Autodetect may not work for some versions of some families.
The results will be put into a temporary file, or you can have them saved to a specific file by entering the path to the file in the "Path" area of the "Results" groupbox and checking the "Save to" checkbox directly below.
The "Options" groupbox lets you set the dictionary to use (if there is more than one) with the "Dictionary" dropdown, and whether to look at traffic for each interface independently (disable the "Cross Interface" checkbox) or for pairs of interfaces (enable the "Cross Interface" checkbox). See Cross Interface for more details on this.
Once you have selected all the parameters, press the "Analyze" button to start the Analyzer. This will pop up a status window.

The overall status is displayed in the first line. You can access the details of the Analyzer's
output by pressing the
button next to "Process Output", or press
to hide them. In the same way, you can also access the details of the command line used to invoke Analyzer by pressing the
button next to "Command Line". In the screen shot above, the process details are displayed and the command line options are not. The state of these buttons is remembered so that showing the process details will do so in subsequent analyses until changed.
Once the analysis has successfully completed, a "View Results" button will appear. If you press it, the status pop up will close and a new instance of Visualizer will start and display the results. The constraint expression is displayed between the top conflict grid and the bottom configuration display. The conflict grid shows all packet regions expressed by the configuration that do not match the constraint expression. Each expression used will get a separate tab for its specific results.
Because you can view the command line options, using Querent can be a handy way to set up for using Analyzer in a script.