How can I run a report to understand the last use of a loaded policy/security rule? For example, if I have 100 security rules in the firewall policy, how can I identify which rules are actively being used, and which ones are not being used often, or at all? I realize that this information is contained within the traffic log, but for an environment whose log rention is not very long (50 days) is there another metric I can generate a report on to see when rules are being used?
Thank you Benajmin. This is pretty much exactly what I was looking for. Now is there any additional modification that can be made to show not only the rules that have NEVER used, but also those that haven not been used in a while, and include the last date/time that the rule was triggered?
I think your next option here is to review logs and start filtering on dates or rules you might question. There's currently not a report like that one for "infrequently" used rules. If you have particular rules you'd like to clean up, you could potentially create a custom report for utilization of just those particular rules, and run it against your desired time frames. Hope this helps!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!