Unused Rules

L4 Transporter

There is a feature to highlight unused rules. If a rule goes from used to unused, does that feature show it as unused, and if so, how long does it take to show it as unused?


L4 Transporter

A quick search like https://live.paloaltonetworks.com/t5/forums/searchpage/tab/message?filter=labels&q=unused+rules

The first 2 links say that the Unused flag is reset when the FW is rebooted. I think that answers your question.

L5 Sessionator

The unused rules are the security policies which have not been used since the last reboot. If a rule is used even once, it will be marked as used.

To be more specific: this counter is reset when the dataplane is restarted, not the full firewall.

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

But if it is never used again, will it always show as used? Based on what I read in other posts, it will start showing used after the next reboot.

I think it does answer my question. So if a rule was used at least once but never again, it won't show unused till the next reboot.

A firewall (or dataplane) restart will reset the counter.

When traffic matches a rule at least once after the reboot, it shows up as a used rule.

When a rule has not matched since the last reboot, it shows up as an unmatched rule.


L6 Presenter

Not exactly certain what you're looking for, but you might want to look into a tool called FireMon.

The UI of this tool replicates other product environments.

FireMon has the ability to suggest rule combination changes. Not only will it tell you when/last/how often a rule was used, it gives you usage of objects within a specific rule (something the Palo UI won't do).

FireMon works with ASAs, CheckPoint, Palo... a wide variety of platforms.

Here's what the report looks like:

[screenshot: FireMon.JPG]

You can click each count and view specifics for each rule.

So a rule can go unused and still show as used until it's rebooted. That would explain why I have a rule that shows used since the last time I rebooted the FW on March 15 and no longer appears in the traffic monitor after March 20. That can make it a little hard to clean up the firewall, since randomly rebooting the firewall is not a very viable option. LOL

I have looked at FireMon and I love it, but the budget here does not love it. LOL
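Added example, not from this thread or from Palo Alto Networks: a small Python script that takes a traffic log CSV export and works out the last hit per rule, so a rule the firewall still flags as "used" (because it matched once since the last dataplane restart) can be identified as stale after a chosen date without rebooting. The rule names, timestamps and the column subset are constructed for the example.

```python
import csv
import io
from datetime import datetime

# Constructed sample of a traffic log CSV export, reduced to the columns
# this example needs (real exports carry many more). Dates are hypothetical.
SAMPLE_TRAFFIC_CSV = """receive_time,rule,action
2024/03/16 08:00:01,allow-web,allow
2024/03/18 12:30:45,allow-dns,allow
2024/03/20 09:15:00,allow-web,allow
2024/03/22 10:00:00,allow-dns,allow
"""

# Constructed security rulebase; "legacy-ftp" never appears in the log.
RULEBASE = ["allow-web", "allow-dns", "legacy-ftp"]

TS_FORMAT = "%Y/%m/%d %H:%M:%S"


def last_hit_per_rule(csv_text):
    """Map each rule name seen in the log to its latest receive_time."""
    last_hit = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        ts = datetime.strptime(row["receive_time"], TS_FORMAT)
        name = row["rule"]
        if name not in last_hit or ts > last_hit[name]:
            last_hit[name] = ts
    return last_hit


def stale_rules(rulebase, csv_text, since):
    """Rules with no traffic-log match on or after `since` (yyyy/mm/dd).

    Unlike the firewall's used/unused flag, which only says whether a rule
    matched at all since the last dataplane restart, this compares the last
    hit against an explicit date, so a rule that matched in March 16-20 but
    not afterwards is still reported.
    """
    cutoff = datetime.strptime(since, "%Y/%m/%d")
    last_hit = last_hit_per_rule(csv_text)
    return sorted(r for r in rulebase
                  if r not in last_hit or last_hit[r] < cutoff)


def demo():
    """Rules with no hits on or after 2024/03/21 in the constructed sample."""
    return stale_rules(RULEBASE, SAMPLE_TRAFFIC_CSV, "2024/03/21")


if __name__ == "__main__":
    print(demo())  # ['allow-web', 'legacy-ftp']
```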
