Rule Usage Filtering
Filter rule usage to identify unused rules for deletion in order to improve your security posture.
Over-provisioned access on the firewall can be exploited by attackers, so administrators need to periodically check for outdated and unused rules. Viewing policy rule usage simplifies rule lifecycle management: find the rules that are no longer hit, delete them, and keep the rulebase current to improve your security posture. In PAN-OS 9.0, Rule Usage Filtering enables you to quickly filter the selected rulebase on rule usage data, as well as on additional rule data such as the Created and Modified dates, within a customizable timeframe.
Additionally, use the Rule Usage Filter to Migrate Port-Based to App-ID Based Security Policy Rules. Migrating to application-based rules reduces the attack surface and lets you gain visibility into, inspect, and safely enable the applications on your network.
- Log in to the firewall web interface.
- Select Device > Setup > Management, and in the Policy Rulebase Settings verify that Policy Rule Hit Count is enabled.
- Select Policies and then select the policy rulebase to filter.
- In the Policy Optimizer window, click Rule Usage to view the rule usage filter.
- Filter rules in the selected rulebase.
  - Select the Timeframe you want to filter from the drop-down, or specify a Custom timeframe.
  - Select the rule Usage to filter.
  - (Optional) If you have reset the rule usage data for any rules, check Exclude rules reset during the last _ days and enter the number of days. Rules reset within that many days are left out of the results, because a counter that was recently zeroed makes a rule look unused whether or not it still matches traffic; rules that were reset earlier than the specified number of days are included in the filtered results.
- (Optional) Specify search filters based on additional rule data, other than the rule usage.
  - Hover your mouse over the column header, and from the drop-down select Columns.
  - Add any additional columns you want to filter with or to display.
  - Hover your mouse over the column data that you would like to filter, and select Filter from the drop-down. For columns that contain dates, select whether to filter using This date, This date or earlier, or This date or later.
- Click Apply Filter.
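The filter logic in the steps above can be reproduced offline against exported hit-count data, which is useful when you want to review candidates for deletion in a change ticket rather than in the web interface. The following is an added example, not code from this page or from Palo Alto Networks: it applies the same Timeframe, Usage, "exclude rules reset during the last N days" and date-column filters to a constructed set of rule records. The record fields mirror the columns the Policy Optimizer shows (Hit Count, First Hit, Last Hit, Reset Date, Created, Modified); pulling them from a firewall is not shown, and the sample rule names, timestamps and the helper names (`filter_rules`, `date_filter`, `deletion_candidates`) are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import date, datetime, timedelta
from typing import List, Optional


@dataclass
class RuleUsage:
    """One Security rule with the usage columns the Policy Optimizer shows."""
    name: str
    hit_count: int
    first_hit: Optional[datetime]
    last_hit: Optional[datetime]
    last_reset: Optional[datetime]   # when the hit counter was last reset, if ever
    created: datetime
    modified: datetime


# Reference "now" and constructed sample records (assumed values, not real data).
NOW = datetime(2019, 6, 1, 12, 0)
RULES: List[RuleUsage] = [
    RuleUsage("allow-web", 1200, datetime(2019, 1, 10), datetime(2019, 5, 31),
              None, datetime(2019, 1, 5), datetime(2019, 3, 1)),
    RuleUsage("legacy-ftp", 0, None, None, None,
              datetime(2018, 9, 1), datetime(2018, 9, 1)),
    RuleUsage("temp-vendor", 3, datetime(2019, 2, 1), datetime(2019, 2, 20),
              None, datetime(2019, 1, 20), datetime(2019, 2, 1)),
    RuleUsage("just-reset", 0, None, None, datetime(2019, 5, 29),
              datetime(2018, 1, 1), datetime(2018, 1, 1)),
    RuleUsage("new-rule", 0, None, None, None,
              datetime(2019, 5, 25), datetime(2019, 5, 25)),
]


def used_in_window(rule: RuleUsage, start: datetime, end: datetime) -> bool:
    """True if the rule's recorded hits overlap the window [start, end].

    Only first/last hit timestamps are available, so this is an overlap test.
    It can call a rule "used" that was hit only outside the window, never the
    reverse; erring that way keeps a possibly live rule rather than deleting it.
    """
    if rule.hit_count == 0 or rule.last_hit is None:
        return False
    first = rule.first_hit or rule.last_hit
    return first <= end and rule.last_hit >= start


def filter_rules(rules, now, days, usage="unused", exclude_reset_days=None):
    """Apply the Timeframe (last `days` days), Usage ("used"/"unused"/"any") and
    'Exclude rules reset during the last N days' filters."""
    start, end = now - timedelta(days=days), now
    selected = []
    for rule in rules:
        if (exclude_reset_days is not None and rule.last_reset is not None
                and rule.last_reset >= now - timedelta(days=exclude_reset_days)):
            continue  # counter was zeroed recently; a zero count proves nothing yet
        used = used_in_window(rule, start, end)
        if usage == "unused" and used:
            continue
        if usage == "used" and not used:
            continue
        selected.append(rule)
    return selected


def date_filter(rules, column, day: date, mode="on"):
    """Filter on a date column (created/modified) with the UI's three options:
    'on' (This date), 'on_or_earlier', 'on_or_later'."""
    def keep(rule):
        value = getattr(rule, column).date()
        if mode == "on":
            return value == day
        if mode == "on_or_earlier":
            return value <= day
        if mode == "on_or_later":
            return value >= day
        raise ValueError(f"unknown date filter mode: {mode}")
    return [r for r in rules if keep(r)]


def deletion_candidates(rules, now, days):
    """Unused rules whose counters actually cover the whole window: the rule
    existed before the window started and was not reset inside it."""
    start = now - timedelta(days=days)
    unused = filter_rules(rules, now, days, "unused", exclude_reset_days=days)
    return [r.name for r in unused if r.created <= start]


if __name__ == "__main__":
    for r in filter_rules(RULES, NOW, 30, "unused", exclude_reset_days=7):
        print(f"unused in last 30 days: {r.name}")
    print("safe to review for deletion:", deletion_candidates(RULES, NOW, 30))
```

Two design choices matter for a rule cleanup. The usage test treats any overlap between a rule's hit span and the window as "used", which can only over-report usage; a rule wrongly kept costs nothing, a rule wrongly deleted can break a service or remove a control. `deletion_candidates` also requires that the rule existed for the whole window and was not reset inside it, because a zero hit count on a rule created or reset a few days ago says nothing about whether it still matches traffic; in the sample data that is why `new-rule` and `just-reset` drop out while `legacy-ftp` and `temp-vendor` remain.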