hit counts fw rule/policy

caso01
Posts: 5
Joined: 10 Apr 2019, 13:12

hit counts fw rule/policy

Post by caso01 » 10 Apr 2019, 13:39

Hi

Is there a way to see hit counts for a specific fw policy? So that I can see it directly in the firewall if the rule is used or not.

BR
Carlos

Peter
Posts: 659
Joined: 10 Apr 2008, 14:14
Location: Clavister HQ - Örnsköldsvik

Re: hit counts fw rule/policy

Post by Peter » 11 Apr 2019, 09:18

Hello.

You can use the following CLI command to see that:

rules -verbose

So it will look something like this:
w3b:/> rules -verbose 10-12
Contents of main ruleset; default action is DROP
#     Name                                                  Action  Log    Usage
      Details
----- ----------------------------------------------------- ------- --- --------
10    Allow-LabbVlans-To-PreDefined                         Allow   Yes   580638
      SRC: vlan97,vlan98...:0.0.0.0/0
      DST: V0980-PreDefinedServices:15.122.0.0/24
      Service: all_services

And if you have multiple rulesets, the command to view usage in another ruleset would be:

rules -verbose -type=IP -ruleset=xxxx

Best regards
/Peter

caso01
Posts: 5
Joined: 10 Apr 2019, 13:12

Re: hit counts fw rule/policy

Post by caso01 » 11 Apr 2019, 11:40

Thanks!

caso01
Posts: 5
Joined: 10 Apr 2019, 13:12

Re: hit counts fw rule/policy

Post by caso01 » 29 Apr 2019, 08:50

Is there a way to get the rule number by the rule name?

caso01
Posts: 5
Joined: 10 Apr 2019, 13:12

Re: hit counts fw rule/policy

Post by caso01 » 29 Apr 2019, 09:00

Is there a way to get the rule number by rule name? So that I can search for hits on that specific rule.

Peter
Posts: 659
Joined: 10 Apr 2008, 14:14
Location: Clavister HQ - Örnsköldsvik

Re: hit counts fw rule/policy

Post by Peter » 30 Apr 2019, 07:25

There is no option to search for the rule name. You can however search for the rule index number. So if you use for instance:

rules -v 10-15

You will list all rules from index position 10 to 15. The rule name will be included in this listing, it's just not searchable. By using this method you should hopefully be able to narrow down the number of rules until you find the one you are looking for.

Alternatively simply list every rule and then copy & paste it into e.g. notepad and then search for the rule name :D

Best regards
/Peter
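
The copy-and-search approach described above, as an added example that is not part of the original posts and is not Clavister code: it parses saved `rules -verbose` output, looks a rule up by name to get its index, and lists rules with zero usage. It assumes the column layout shown earlier in the thread; the function names and the second sample rule are constructed for illustration.

```python
import re

# Constructed sample: rule 10 is the listing quoted in the thread,
# rule 11 is made up (documentation address range) to show an unused rule.
SAMPLE = """\
Contents of main ruleset; default action is DROP
#     Name                                                  Action  Log    Usage
      Details
----- ----------------------------------------------------- ------- --- --------
10    Allow-LabbVlans-To-PreDefined                         Allow   Yes   580638
      SRC: vlan97,vlan98...:0.0.0.0/0
      DST: V0980-PreDefinedServices:15.122.0.0/24
      Service: all_services
11    Allow-Mgmt-SSH                                        Allow   Yes        0
      SRC: vlan10:0.0.0.0/0
      DST: core:192.0.2.10
      Service: ssh
"""

# Rule header line: index, name, then Action / Log / Usage as the last three
# columns. The lazy name group keeps working if a name contains spaces.
RULE_LINE = re.compile(r"^(\d+)\s+(.+?)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")

def parse_rules(text):
    """Return one dict per rule; indented 'KEY: value' lines become details."""
    rules = []
    for line in text.splitlines():
        m = RULE_LINE.match(line)
        if m:
            idx, name, action, log, usage = m.groups()
            rules.append({"index": int(idx), "name": name, "action": action,
                          "log": log, "usage": int(usage), "details": []})
        elif rules and line.startswith(" ") and ":" in line:
            rules[-1]["details"].append(line.strip())
    return rules

def find_by_name(rules, needle):
    """Case-insensitive substring match on the rule name."""
    return [r for r in rules if needle.lower() in r["name"].lower()]

def unused(rules):
    """Rules whose Usage counter is 0 in this listing."""
    return [r for r in rules if r["usage"] == 0]

if __name__ == "__main__":
    parsed = parse_rules(SAMPLE)
    for r in find_by_name(parsed, "labbvlans"):
        print(f'{r["name"]}: index {r["index"]}, usage {r["usage"]}')
    for r in unused(parsed):
        print(f'no hits in this listing: {r["index"]} {r["name"]}')
```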

caso01
Posts: 5
Joined: 10 Apr 2019, 13:12

Re: hit counts fw rule/policy

Post by caso01 » 30 Apr 2019, 12:33

Is there a way to clear hit counts, to see if the rule is in use during a period of time?

Peter
Posts: 659
Joined: 10 Apr 2008, 14:14
Location: Clavister HQ - Örnsköldsvik

Re: hit counts fw rule/policy

Post by Peter » 08 May 2019, 09:02

Unfortunately no, that means the only way is a Firewall restart.

/Peter

fras
Posts: 23
Joined: 16 Apr 2018, 13:50

Re: hit counts fw rule/policy

Post by fras » 09 May 2019, 11:03

Actually, a Reconfigure is enough to clear the counters.
So not as big an impact as a complete reboot.

Best Regards,
Fredrik Å

Peter
Posts: 659
Joined: 10 Apr 2008, 14:14
Location: Clavister HQ - Örnsköldsvik

Re: hit counts fw rule/policy

Post by Peter » 14 May 2019, 10:54

Ah, I guess my memory served me wrong here. I guess it makes sense to clear it at reconfigure as it's very likely that an IP policy/rule had been changed as that is the most common area that users "reasonably" make frequent changes in.

/Peter
