How to view rule usage for policy rules pushed to a device group from Panorama.
As your policies change over time, tracking
rule usage on Panorama helps you evaluate whether your policy implementation
continues to match your enforcement needs. This visibility helps
you identify and remove unused rules to reduce security risks and
keep your policy rule base organized. Additionally, rule usage tracking
allows you to quickly validate new rule additions and rule changes
and to monitor rule usage for operations and troubleshooting tasks.
On Panorama, you can view the rule usage of the appliances in a device
group to which you pushed policies. This shows whether all, some, or
none of the appliances have traffic matches, rather than only the
total number of hits across all appliances in the device group. The
displayed rule usage information persists through reboots, dataplane
restarts, and upgrades.
Panorama determines rule usage from the managed firewalls that have
Policy Rule Hit Count enabled (it is enabled by default). If Policy
Rule Hit Count is disabled on a firewall, or if the firewall is running
a PAN-OS 8.0 or earlier release, Panorama cannot consider that firewall
in the calculation of rule usage.
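
The aggregation described above, as an added example (not Palo Alto Networks code and not a Panorama API): it classifies each pushed rule as matched on all, some, or none of the firewalls that can report hit counts. The `Firewall` record, its field names, the sample data, and the extra `unknown` state for a device group with no reporting firewall are assumptions made for illustration.

```python
# Added example: constructed data and hypothetical field names, not a Panorama API.
from dataclasses import dataclass

@dataclass
class Firewall:
    name: str
    panos: str               # PAN-OS release string, e.g. "9.1.4"
    hit_count_enabled: bool  # Policy Rule Hit Count setting on this firewall
    hits: dict               # rule name -> hit count reported by this firewall

def reports_usage(fw):
    """Counted only if Policy Rule Hit Count is on and the release is later than 8.0."""
    major, minor = (int(p) for p in fw.panos.split(".")[:2])
    return fw.hit_count_enabled and (major, minor) > (8, 0)

def rule_usage(rules, firewalls):
    """Classify each rule as all / some / none / unknown across the device group."""
    reporting = [fw for fw in firewalls if reports_usage(fw)]
    excluded = sorted(fw.name for fw in firewalls if not reports_usage(fw))
    result = {}
    for rule in rules:
        matched = [fw.name for fw in reporting if fw.hits.get(rule, 0) > 0]
        if not reporting:
            # No firewall can report: missing hits are not evidence of an unused rule.
            state = "unknown"
        elif len(matched) == len(reporting):
            state = "all"
        elif matched:
            state = "some"
        else:
            state = "none"
        result[rule] = {"state": state, "matched": matched, "excluded": excluded}
    return result

# Constructed sample device group (names, versions and counts are made up).
DEVICE_GROUP = [
    Firewall("fw-branch-1", "9.1.4", True, {"allow-dns": 120, "allow-legacy-ftp": 0}),
    Firewall("fw-branch-2", "10.1.6", True, {"allow-dns": 45, "allow-web": 7}),
    Firewall("fw-lab", "8.0.20", True, {}),   # PAN-OS 8.0: excluded
    Firewall("fw-dmz", "9.0.9", False, {}),   # hit count disabled: excluded
]
RULES = ["allow-dns", "allow-web", "allow-legacy-ftp"]

if __name__ == "__main__":
    for rule, info in rule_usage(RULES, DEVICE_GROUP).items():
        print(rule, info["state"], info["matched"], "excluded:", info["excluded"])
```

A rule reported as `none` here is a removal candidate only for the firewalls that were counted; the `excluded` list names the ones whose traffic was never considered.
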
To view the rule usage across any Shared rule
or for a specific device group: