Highlight Unused Rules

L3 Networker

Hi

We're running 4.0.1 in a test environment. We have a large Check Point rulebase that we will export. It ideally needs a rule tidy-up to remove unused rules and objects.

Can someone describe how the "Highlight Unused Rules" tick box option on the policy page works? Yep, I know it sounds obvious! But what is it based on: the logs? If so, how far back in the logs will it go? Is there then a way of quickly removing unused objects that aren't in a rule? etc.

Thanks

5 REPLIES

L4 Transporter

Hi,

The option shows you the rules unused since the last restart of the system. So you need to have it pass traffic and execute rules before you can see which rules are used or not.

Marcel

Thanks Marcel. I'm running Panorama to manage the PA4050s. When you say system restart, what exactly do you mean? E.g. I have Panorama receiving logs; I have 3 months' worth of logs; the policy config is saved, committed on Panorama and pushed to the PA4050s every week for rule changes. Neither the PAs nor the Panorama server or software has been rebooted during that time. When clicking "Highlight Unused Rules" on Panorama, would I get a full view of what rules didn't see traffic during that 3-month period?

If Panorama was rebooted for some reason - but I still had the logs on Panorama - what would happen if I selected the "Highlight Unused Rules" option then on Panorama?

Many thanks

Hi,

When you select the context of the unit in Panorama and click on the unused rule you will see which have not been hit since the moment you rebooted the unit.

Marcel

Hi, is there a way to export the unused policies to an Excel file?

You can spawn a simple list using the CLI command:

show running rule-use vsys <value> rule-base <security|nat|qos|pbf|decryption|app-override|cp|dos> type <used|unused>

e.g.:

> show running rule-use vsys vsys1 rule-base security type unused

rule1
unusedrule1
unusedrule2
Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
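To get from that CLI listing to something Excel opens, here is an added example (not code from the thread or from Palo Alto Networks) that parses one or more captured "show running rule-use" transcripts and writes them out as CSV. The transcripts embedded below are constructed samples modelled on the output shown above; the nat rule name and the hit_status column are assumptions for illustration. Note the caveat from Marcel's replies: "unused" here only means no hits since the firewall was last restarted, which is why the status is carried through rather than relabelled as "safe to delete".

```python
from __future__ import annotations

import csv
import io
import re

# Constructed sample transcripts (not real device output), modelled on the
# "show running rule-use ... type unused" example posted in this thread.
SAMPLE_TRANSCRIPTS = [
    """\
> show running rule-use vsys vsys1 rule-base security type unused

rule1
unusedrule1
unusedrule2
""",
    # Assumed second capture for the nat rulebase; the rule name is invented.
    """\
> show running rule-use vsys vsys1 rule-base nat type unused

legacy-nat-out
""",
]

# Matches the echoed command so vsys, rulebase and used/unused can be
# recovered from the transcript instead of being passed in by hand.
CMD_RE = re.compile(
    r"^\s*>?\s*show\s+running\s+rule-use\s+vsys\s+(?P<vsys>\S+)"
    r"\s+rule-base\s+(?P<rulebase>\S+)\s+type\s+(?P<type>used|unused)\s*$"
)


def parse_rule_use(transcript: str) -> tuple[str, str, str, list[str]]:
    """Return (vsys, rulebase, type, rule_names) for one CLI transcript.

    The echoed command line supplies the metadata; every other non-blank
    line is taken as a rule name (names may contain spaces, so the whole
    stripped line is kept). A bare trailing prompt is ignored.
    """
    header = None
    names: list[str] = []
    for raw in transcript.splitlines():
        line = raw.strip()
        if not line or line == ">":
            continue
        m = CMD_RE.match(line)
        if m:
            header = m.groupdict()
            continue
        names.append(line)
    if header is None:
        raise ValueError("no 'show running rule-use' command line found in transcript")
    return header["vsys"], header["rulebase"], header["type"], names


def to_csv(transcripts: list[str]) -> str:
    """Flatten several transcripts into CSV text that Excel opens directly.

    hit_status is the device's own used/unused verdict, which (per the thread)
    is counted since the last restart of the firewall, not over the log history.
    """
    buf = io.StringIO()
    writer = csv.DictWriter(
        buf, fieldnames=["vsys", "rulebase", "rule", "hit_status"], lineterminator="\n"
    )
    writer.writeheader()
    for transcript in transcripts:
        vsys, rulebase, rule_type, names = parse_rule_use(transcript)
        for name in names:
            writer.writerow(
                {"vsys": vsys, "rulebase": rulebase, "rule": name, "hit_status": rule_type}
            )
    return buf.getvalue()


if __name__ == "__main__":
    # In practice, paste each CLI capture into its own file and read them here.
    print(to_csv(SAMPLE_TRANSCRIPTS), end="")
```

Run the command once per vsys and rulebase you care about, save each capture, and feed the captures to to_csv; the resulting file sorts and filters in Excel. Because the counters reset on reboot, record the firewall's uptime alongside the export so a reviewer knows how long the "unused" verdict actually covers.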