Highlight Unused Rules

fmd
L3 Networker

Highlight Unused Rules

Hi

We're running 4.0.1 in a test environment. We have a large Checkpoint rulebase that we will export. It ideally needs a rule tidy up to remove unused rules and objects.

Can someone describe how the "Highlight Unused Rules" tick box option on the policy page works? Yep, I know it sounds obvious!! But what is it based on - the logs? If so, how far back in the logs will it go? Is there then a way of quickly removing unused objects that aren't in a rule? etc.

Thanks

L4 Transporter

Re: Highlight Unused Rules

Hi,

The option shows you the rules unused since the last restart of the system. So you need to have it pass traffic and execute rules before you can see which rules are used or not.

Marcel

fmd
L3 Networker

Re: Highlight Unused Rules

Thanks Marcel. I'm running Panorama to manage the PA4050s - when you say system restart, what exactly do you mean? E.g. I have Panorama receiving logs - I have 3 months' worth of logs - the policy config is saved, committed on Panorama and pushed to the PA4050s every week for rule changes. Neither the PAs nor the Panorama server or software has been rebooted during that time. When clicking "Highlight Unused Rules" on Panorama, would I get a full view of what rules didn't see traffic during that 3 month period?

If Panorama was rebooted for some reason - but I still had the logs on Panorama - what would happen if I selected the "Highlight Unused Rules" option then on Panorama?

Many thanks

L4 Transporter

Re: Highlight Unused Rules

Hi,

When you select the context of the unit in Panorama and click on the unused rule you will see which have not been hit since the moment you rebooted the unit.

Marcel

L1 Bithead

Re: Highlight Unused Rules

Hi, is there a way to possibly export the unused policies to Excel?

Community Manager

Re: Highlight Unused Rules

You can spawn a simple list using the CLI command:


show running rule-use vsys <value> rule-base <security|nat|qos|pbf|decryption|app-override|cp|dos> type <used|unused>


eg:

> show running rule-use vsys vsys1 rule-base security type unused 

rule1
unusedrule1
unusedrule2

Help the community: Like helpful comments and mark solutions
Reaper out
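To get from that CLI listing to a spreadsheet, as asked above, the captured session can be parsed into CSV. This is an added example, not code from the thread or from Palo Alto Networks; it assumes the command output was saved to text from an SSH session, and the sample capture below is constructed from the output shown in the reply above.

```python
import csv
import io
import re

# Constructed sample: a captured CLI session of the command shown on this page,
# including the echoed prompt line. Real input would be saved from an SSH session.
SAMPLE_UNUSED = """> show running rule-use vsys vsys1 rule-base security type unused

rule1
unusedrule1
unusedrule2
"""

# Matches the echoed command so vsys, rule-base and used/unused can be recorded.
PROMPT_RE = re.compile(
    r"^>?\s*show running rule-use vsys (\S+) rule-base (\S+) type (used|unused)\s*$"
)


def parse_rule_use(capture):
    """Turn one captured session into a list of row dicts.

    Every non-empty line after the echoed command is a rule name. The
    used/unused status only reflects hits since the firewall last rebooted
    (see the thread above), so note the uptime window before deleting rules.
    """
    vsys = rulebase = status = None
    rows = []
    for line in capture.splitlines():
        line = line.strip()
        if not line:
            continue
        m = PROMPT_RE.match(line)
        if m:
            vsys, rulebase, status = m.groups()
            continue
        rows.append({"vsys": vsys, "rule_base": rulebase,
                     "status": status, "rule": line})
    return rows


def to_csv(rows):
    """Render rows as CSV text that opens directly in Excel."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["vsys", "rule_base", "status", "rule"])
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    print(to_csv(parse_rule_use(SAMPLE_UNUSED)), end="")
```

Captures for several rule-bases or for `type used` can be concatenated and fed through the same parser, since the echoed command line resets the vsys, rule-base and status columns.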