When saving and activating polices the Gateway can validate them and provide immediate feedback and advice to any potential problems. For large policies with a number of included policy fragments this can take a significant time, as each included fragment would be validated separately for each time it is used. Some times this validation can take upwards of 25 minutes to complete, and for other polices the process is never completed resulting in the following message:-
Error: Policy too complex to analyze -- too many paths though the policy
If the policy has a number included policy fragments consider converting these to encapsulated assertions, especially if they are used multiple times across a number of polices. This stops the validation from entering the policy logic of the included fragment. This was tested with two sample polices, the first took 25 minutes to validate, the second failed with 'Policy too compex' message. After convering four included fragemetns to encapsulated assertions validation time was reduced to below 1 minute.