looking for efficient way to clear specific security rule hit counts

1treelanedrv — Tue, 24 Sep 2024 15:30:29 GMT

I have Panorama managing 2 HA paired firewalls.

The security rules are pushed to both HA pairs.

I want to clear the hit counts for specific rules.

If I login to the active firewall then I can run this command and it works fine.

show rule-hit-count vsys vsys-name vsys1 rule-base security rules list [ "asdf1" "asdf2" "asdf3" ]

And the clear version of that is

clear rule-hit-count vsys vsys-name vsys1 rule-base security rules list [ "asdf" "asdf2" "asdf3" ]

However, in Panorama, things are different. I can only show one rule.

show rule-hit-count device-group ASDF-DG post-rulebase security rules rule-name "asdf"

and then get weird trying to clear. It makes me specify a rule name and then asks for a list of rules.

clear rule-hit-count device-group ASDF-DF rulebase security rules rule-name "asdf" device [serial number] vsys list ? [ Start a list of values. <value> vsys name

Is there a better way to clear a specific list of security rules from Panorama?

Or should we just login to both active firewalls and clear it with the command from above?

Re: looking for efficient way to clear specific security rule hit counts

1treelanedrv — Thu, 26 Sep 2024 14:32:48 GMT

Luckily, I have a small deployment and so I will just run the clear command on each active firewall.

topic Re: looking for efficient way to clear specific security rule hit counts in General Topics

looking for efficient way to clear specific security rule hit counts

Re: looking for efficient way to clear specific security rule hit counts