Let us say you have a firewall pair configured and rules configured and one day you fail them over - or they fail over. The primary is rebooted. When the primary comes back up all sessions are transferred back and everything is fine. Except, as I understand it, the only time rule counters are reset is after a reboot (or the backplane is restarted). So if those sessions are never again dropped, and thus never hit the rule allowing them again, that rule may appear as unused. Is this correct and, if so, is there a way to resovle it for a rule-base review - to know which rules are really not being used and avoid disabling "unused rules" that are really just maintaining their sessions between failovers?
... View more