https://live.paloaltonetworks.com/t5/general-topics/highlight-unused-rules/m-p/31124#M22765 <HTML><HEAD></HEAD><BODY><P>Thanks Marcel. I'm running Panorama to manage the PA4050s - when you say system restart what exactly do you mean. Eg. I have Panorama receiving logs - I have 3 months worth of logs - the policy config is saved, committed on Panorama and pushed to the PA4050s every week for rule changes. Neither the PAs or the Panorama server or software has been rebooted during that time. When clicking the "Highlight Unused Rules" on Panorama - would I get a full view of what rules didn't see traffic during that 3 month period?</P><P></P><P>If Panorama was rebooted for some reason - but I still had the logs on Panorama - what would happen if I selected the "Highlight Unused Rules" option then on Panorama?</P><P></P><P>Many thanks</P></BODY></HTML> Wed, 06 Apr 2011 09:59:35 GMT fmd 2011-04-06T09:59:35Z https://live.paloaltonetworks.com/t5/general-topics/highlight-unused-rules/m-p/31122#M22763 <HTML><HEAD></HEAD><BODY><P> Hi</P><P></P><P>We're running 4.0.1 in a test environment. We have a large Checkpoint rulebase that we will export. It ideally needs a rule tidy up to remove unused rules and objects.</P><P></P><P>Can someone describe how the "Highlight Unused Rules" tick box option on the policy page works. Yep, I know it sounds obvious!! But what is it based on - the logs? If so how far back in the logs will it go? Is there then a way of quickly removing unused objects that aren't in rule? etc.</P><P></P><P>Thanks</P></BODY></HTML> Tue, 05 Apr 2011 21:46:34 GMT https://live.paloaltonetworks.com/t5/general-topics/highlight-unused-rules/m-p/31122#M22763 fmd 2011-04-05T21:46:34Z https://live.paloaltonetworks.com/t5/general-topics/highlight-unused-rules/m-p/31123#M22764 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>The options shows you the unused since the last restart of the system. So you need to have it pass traffic and execute rules before you can see which rules are used or not.</P><P></P><P>Marcel</P></BODY></HTML> Wed, 06 Apr 2011 06:51:18 GMT https://live.paloaltonetworks.com/t5/general-topics/highlight-unused-rules/m-p/31123#M22764 mderksen 2011-04-06T06:51:18Z https://live.paloaltonetworks.com/t5/general-topics/highlight-unused-rules/m-p/31124#M22765 <HTML><HEAD></HEAD><BODY><P>Thanks Marcel. I'm running Panorama to manage the PA4050s - when you say system restart what exactly do you mean. Eg. I have Panorama receiving logs - I have 3 months worth of logs - the policy config is saved, committed on Panorama and pushed to the PA4050s every week for rule changes. Neither the PAs or the Panorama server or software has been rebooted during that time. When clicking the "Highlight Unused Rules" on Panorama - would I get a full view of what rules didn't see traffic during that 3 month period?</P><P></P><P>If Panorama was rebooted for some reason - but I still had the logs on Panorama - what would happen if I selected the "Highlight Unused Rules" option then on Panorama?</P><P></P><P>Many thanks</P></BODY></HTML> Wed, 06 Apr 2011 09:59:35 GMT https://live.paloaltonetworks.com/t5/general-topics/highlight-unused-rules/m-p/31124#M22765 fmd 2011-04-06T09:59:35Z https://live.paloaltonetworks.com/t5/general-topics/highlight-unused-rules/m-p/31125#M22766 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>When you select the context of the unit in Panorama and click on the unused rule you will see which have not been hit since the moment you rebooted the unit. </P><P></P><P>Marcel</P></BODY></HTML> Wed, 06 Apr 2011 15:05:44 GMT https://live.paloaltonetworks.com/t5/general-topics/highlight-unused-rules/m-p/31125#M22766 mderksen 2011-04-06T15:05:44Z https://live.paloaltonetworks.com/t5/general-topics/highlight-unused-rules/m-p/72523#M41115 <P>hi is there a way to possibly export the unused policies on an excel?</P> Wed, 10 Feb 2016 08:08:44 GMT https://live.paloaltonetworks.com/t5/general-topics/highlight-unused-rules/m-p/72523#M41115 n.barria 2016-02-10T08:08:44Z https://live.paloaltonetworks.com/t5/general-topics/highlight-unused-rules/m-p/72526#M41116 <P>you can spawn a simple list using the CLI command:</P> <P>&nbsp;</P> <PRE>show running rule-use vsys &lt;value&gt; rule-base &lt;security|nat|qos|pbf|decryption|app-override|cp|dos&gt; type &lt;used|unused&gt; </PRE> <P>&nbsp;</P> <P>eg:</P> <PRE>&gt; show running rule-use vsys vsys1 rule-base security type unused rule1 unusedrule1 unusedrule2</PRE> Wed, 10 Feb 2016 08:48:37 GMT https://live.paloaltonetworks.com/t5/general-topics/highlight-unused-rules/m-p/72526#M41116 reaper 2016-02-10T08:48:37Z