Let us say you have a firewall pair configured and rules configured and one day you fail them over - or they fail over. The primary is rebooted. When the primary comes back up all sessions are transferred back and everything is fine. Except, as I understand it, the only time rule counters are reset is after a reboot (or the backplane is restarted). So if those sessions are never again dropped, and thus never hit the rule allowing them again, that rule may appear as unused.
Is this correct and, if so, is there a way to resovle it for a rule-base review - to know which rules are really not being used and avoid disabling "unused rules" that are really just maintaining their sessions between failovers?
What you really want is a new feature in PAN-OS 8.1, but I wouldn't recommend installing it quite yet.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!