We're running 4.0.1 in a test environment. We have a large Checkpoint rulebase that we will export. It ideally needs a rule tidy-up to remove unused rules and objects.
Can someone describe how the "Highlight Unused Rules" tick box option on the policy page works? Yep, I know it sounds obvious!! But what is it based on - the logs? If so, how far back in the logs will it go? Is there then a way of quickly removing unused objects that aren't in a rule? etc.
The option shows you the rules unused since the last restart of the system. So you need to have it pass traffic and execute rules before you can see which rules are used or not.
Thanks Marcel. I'm running Panorama to manage the PA4050s - when you say system restart, what exactly do you mean? E.g. I have Panorama receiving logs - I have 3 months' worth of logs - the policy config is saved, committed on Panorama and pushed to the PA4050s every week for rule changes. Neither the PAs nor the Panorama server or software has been rebooted during that time. When clicking "Highlight Unused Rules" on Panorama, would I get a full view of what rules didn't see traffic during that 3 month period?
If Panorama was rebooted for some reason - but I still had the logs on Panorama - what would happen if I selected the "Highlight Unused Rules" option then on Panorama?
When you select the context of the unit in Panorama and click on the unused rule you will see which have not been hit since the moment you rebooted the unit.
You can spawn a simple list using the CLI command:
show running rule-use vsys <value> rule-base <security|nat|qos|pbf|decryption|app-override|cp|dos> type <used|unused>
> show running rule-use vsys vsys1 rule-base security type unused
rule1
unusedrule1
unusedrule2
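To go from the list above to the asker's second question (which objects could also go), here is an added offline audit helper. It is example code written for this thread, not code from the reply's author or from Palo Alto Networks. It assumes the command prints one rule name per line (as in the reply), and the rulebase and address objects it works on are constructed sample data, not an export of a real policy. It also encodes the caveat from Marcel's answer: counters only count since the last restart, so a short observation window makes every rule look unused.

```python
"""Cross-reference `show running rule-use ... type unused` output with a
simplified security rulebase to find address objects that are referenced
only by unused rules (or by no rule at all).

Example code added for this thread; all data below is constructed.
Assumption: the CLI prints one rule name per line.
"""

# Constructed sample of the CLI output shown in the reply above.
UNUSED_RULE_OUTPUT = """\
rule1
unusedrule1
unusedrule2
"""

# Constructed simplified rulebase: rule name -> address objects it references.
RULEBASE = {
    "rule1": {"web-servers", "dmz-net"},
    "rule2": {"web-servers", "corp-net"},
    "unusedrule1": {"legacy-app", "dmz-net"},
    "unusedrule2": {"old-vendor"},
    "rule3": {"corp-net"},
}

# Constructed inventory of all address objects defined on the device.
ADDRESS_OBJECTS = {
    "web-servers", "dmz-net", "corp-net", "legacy-app", "old-vendor", "never-used",
}


def parse_unused_rules(cli_output: str) -> set:
    """Return the set of rule names in the CLI output (one per line, blanks ignored)."""
    return {line.strip() for line in cli_output.splitlines() if line.strip()}


def orphaned_objects(rulebase: dict, address_objects: set, unused_rules: set):
    """Split objects into (unreferenced, only_in_unused_rules).

    unreferenced: defined but used by no rule in the rulebase.
    only_in_unused_rules: used, but exclusively by rules the counters call unused.
    """
    referenced = set()
    used_by_active = set()
    for rule, objs in rulebase.items():
        referenced |= objs
        if rule not in unused_rules:
            used_by_active |= objs
    unreferenced = address_objects - referenced
    only_in_unused = referenced - used_by_active
    return unreferenced, only_in_unused


def removal_candidates(unused_rules: set, days_since_restart: int, min_days: int = 90):
    """Only trust the unused list once the counters have run long enough.

    Hit counters reset on restart (per the reply above), so a rule that is
    unused after a 2-day uptime tells you very little. Returns an empty set
    until the observation window reaches min_days.
    """
    if days_since_restart < min_days:
        return set()
    return set(unused_rules)


if __name__ == "__main__":
    unused = parse_unused_rules(UNUSED_RULE_OUTPUT)
    unref, only_unused = orphaned_objects(RULEBASE, ADDRESS_OBJECTS, unused)
    print("unused rules        :", sorted(unused))
    print("unreferenced objects:", sorted(unref))
    print("objects only in unused rules:", sorted(only_unused))
    print("candidates after 90 days:", sorted(removal_candidates(unused, 92)))
    print("candidates after 2 days :", sorted(removal_candidates(unused, 2)))
```

Run it as-is to see the constructed result; in practice you would paste the real CLI output into UNUSED_RULE_OUTPUT and build RULEBASE from an exported policy. Objects that land in "only in unused rules" are the ones to review alongside the unused rules, since deleting the rules makes them unreferenced too.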