highlight unused rules highlights rules possibly used in the past


L0 Member


I have a query where the highlight unused rules is showing rules as unused, which possibly were used in the past. The security policies were created based on traffic log reports and the same security policies are now showing as unused. I see that the feature says unused since the last reboot, however the device has not been rebooted since the setup, for the past 80 days. I am just trying to justify why these rules are showing up as unused:

> Currently there is no log for that traffic, it has been purged. The log may have appeared 50 days back, but the firewall has only 30 days worth of traffic log. Would this clear the counter/flag for that security policy making it unused again?

> Would renaming the security policy clear this counter/flag marking it as unused?

Thanks & Best Regards,



L5 Sessionator


For today, the only thing you can do is just compare the "popularity" of your rules by creating a custom report based on the traffic log and on both "security rule" and "repeat count".


Hope this helps.
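The comparison described in the reply above can also be done offline on an exported traffic log. This is an added example, not part of the original thread and not PAN-OS code: the CSV column names (`receive_time`, `rule`, `repeat_count`), the rule names and the sample rows are all constructed assumptions. It also returns the time window the log covers, since a rule with no hits is only known to be unused within that window.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample export; column names are assumptions, adjust to your export.
SAMPLE_CSV = """receive_time,rule,repeat_count
2024-03-01 10:00:00,Allow-DNS,12
2024-03-02 11:30:00,Allow-Web,3
2024-03-05 09:15:00,Default-Allow,1
2024-03-09 14:45:00,Allow-DNS,7
"""

# Constructed rule list, in rulebase order (hypothetical names).
CONFIGURED_RULES = ["Allow-DNS", "Allow-Web", "Allow-SSH-Admin", "Default-Allow"]


def rule_usage(csv_text, configured_rules):
    """Sum repeat counts per rule and list configured rules with no log entries."""
    hits = Counter()
    oldest = newest = None
    for row in csv.DictReader(io.StringIO(csv_text)):
        ts = datetime.strptime(row["receive_time"], "%Y-%m-%d %H:%M:%S")
        oldest = ts if oldest is None or ts < oldest else oldest
        newest = ts if newest is None or ts > newest else newest
        # One log line can stand for several sessions; count it at least once.
        hits[row["rule"]] += max(int(row["repeat_count"] or 1), 1)
    # Counter returns 0 for rules that never appear in the log.
    no_hits = [r for r in configured_rules if hits[r] == 0]
    return hits, no_hits, (oldest, newest)


if __name__ == "__main__":
    hits, no_hits, (oldest, newest) = rule_usage(SAMPLE_CSV, CONFIGURED_RULES)
    print(f"Log window: {oldest} to {newest}")
    for rule in CONFIGURED_RULES:
        print(f"{rule:20} {hits[rule]:6}")
    print("No hits inside the log window:", ", ".join(no_hits) or "none")
```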


L0 Member


Thanks a lot for your responses. They were indeed very helpful.

I gave it a bit more thought and was able to realize why the rules were showing up as unused.

The new security policies were created based on traffic that was hitting a policy named Default-Allow. They were added above the Default-Allow. Some of these newly created security policies are showing up as unused. For sure some of the traffic patterns that hit the Default-Allow in the past have not been seen again and have therefore not hit the newly created specific rule. Therefore some of these new rules are showing up as unused.

Thanks again & Best Regards,


Hi Vince


I appreciate your post. Could you help me with details on how you created the custom report based on the traffic log and on both "security rule" and "repeat count", and which query builders you used for it? Because from the options available I was not able to create the query based on rule and hit count as you defined it.


Appreciate your contribution


Hi @VinceM,


Which PAN-OS were you using when building this custom report?
I cannot find "Repeat Count". I can only find "Sessions".


I'm running PAN 7.1.16
