On enterprise firewall management and operation, there a lot of changes raised by the users, applications provides and the management itself for some purpose. Every changes must through few procedures before its can be apply to the network.
However, when there are so many firewall rules to serves the enterprise, some of it will change to unused rules. This turned to unused policy when application change, network change or user leave.
These unused or “stale” rules are a hidden menace to your firewall policy rulebase. First of all, they slow down performance – since the firewall has to scan all of the rules from the top for every traffic request. Second, they are a threat to security – they may leave access open to an unwanted visitor – Reuven Harrison – CTO
More info: www.tufin.com