Shadow rules are provided to monitor overlapping rules on a per-rule basis. The Shadow feature displays each rule and reveals all rules that are shadowed by that rule. It also provides a list of rules that are shadowed from the rule. Shadow rules generally indicate a broader rule that matches the criteria, but it is configured above a more specific rule. You can select and view all rules and shadow data for any rule.
For example, rule traffic never matches a second rule that specifically allows say, web-browsing, because all web-browsing applications would have already been allowed by the first rule.
To monitor Shadow rules
Navigate to POLICY | Rules and Policies > Shadow.
The Shadow page appears. Click Generate on the right of the top toolbar for each tab to refresh the available policies.
You should regenerate anytime you have changed or added any policies.
You can further sort the Policy Type by first selecting the policy type, in this example, Security Policy, then using the All Rules drop-down menu, select the specific policy you would like to investigate.
Click the blue naming instance to view additional Security Rule Details.