View Policy Rule Usage
View the policy rule hit count data of managed firewalls to monitor rule usage in order to validate rules and keep your rule base organized.
View the number of times a Security, NAT, QoS, Policy Based Forwarding, Decryption, Tunnel Inspection, Application Override, Authentication, or DoS protection rule matches traffic to help keep your firewall policies up to date as your environment and security needs change over time. To prevent attackers from exploiting over-provisioned access, such as when a server is decommissioned or when you no longer need temporary access to a service, use the Rule Usage hit-count data to identify and remove unused rules. The policy rule hit count gives you the information to determine whether a rule is effective for access enforcement. You can reset the rule hit count data to validate an existing rule or to gauge rule usage within a specified period of time. Policy rule hit-count data is not stored on the firewall or Panorama so after you clear the hit count using the reset option, that data is no longer available.
The rule hit-count data is not synchronized across firewalls in an HA deployment so you need to log in to the each firewall to view the policy rule hit count data for each firewall.
Additionally, the policy rule usage feature provides the ability to validate rule additions and rule changes and to monitor the time frame when a rule was used. For example, when you migrate port-based rules to app-based rules, you create an app-based rule above the port-based rule and check for any traffic that matches the port-based rule. After migration, the hit-count data helps you determine whether the port-based rule is safe to remove by confirming whether traffic is matching the app-based rule instead of the port-based rule.
- Launch the Web Interface.
- Select Policies.
- View the policy rule usage for each policy rule:
- Hit Count—The number of times traffic matched the criteria you defined in the policy rule. Persists through reboot, dataplane restarts, and upgrades unless you manually reset or rename the rule.
- Last Hit—The most recent timestamp for when traffic matched the rule.
- First Hit—The first instance when traffic was matched to this rule.
Rule Usage Tracking
Rule usage tracking helps you monitor rule usage on Panorama and firewalls to validate rules and keep your rule base organized. ...
Monitor Policy Rule Usage
How to view rule usage for policy rules pushed to a device group from Panorama. ...
Security Policy Security policy protects network assets from threats and disruptions and aids in optimally allocating network resources for enhancing productivity and efficiency in business ...
Data-Center-to-Internet Traffic Security Approaches
Learn the risks of the traditional approach to securing data center server traffic to internet servers (for updates, certificate revocation checks, etc.) and how the ...
Create a Security Policy Rule
Create a Security Policy Rule ( Optional ) Delete the default Security policy rule. By default, the firewall includes a security rule named rule1 that ...
What Data Center Traffic to Log and Monitor
The types of data center traffic you should log and monitor, the tools you can use to analyze the traffic, and how to best utilize ...
User-to-Data-Center Traffic Security Approaches
Learn the risks of the traditional approach to securing user traffic to the data center and how the best practice approach mitigates those risks. ...
Intra-Data-Center Traffic Security Approach
Learn the risks of the traditional approach to securing traffic flowing between data center servers (east-west traffic) and how the best practice approach mitigates those ...
Internet-to-Data-Center Traffic Security Approach
Learn the risks of the traditional approach to securing internet traffic entering the data center and how the best practice approach mitigates those risks. ...