https://community.checkpoint.com/t5/General-Topics/delete-unused-NAT-rules/m-p/98566#M19253 <P>Dear All,</P><P>I have over 4000 of NAT rules, and I want to purge the unused ones. (there are a lot of legacy rules)<BR />I know there is no hit count on them, this feature will be implemented in R81.<BR />Do you have any proposals, ideas etc to this quickly or remains the old solution: check all of them manually .<BR />I want avoid of mistakes, because it can cause service distruptions.</P><P>version: MGMT:R80.40, GW:R80.30</P><P>Looking forward to your answers,</P><P>Akos</P> Thu, 08 Oct 2020 15:20:43 GMT AkosBakos 2020-10-08T15:20:43Z https://community.checkpoint.com/t5/General-Topics/delete-unused-NAT-rules/m-p/98566#M19253 <P>Dear All,</P><P>I have over 4000 of NAT rules, and I want to purge the unused ones. (there are a lot of legacy rules)<BR />I know there is no hit count on them, this feature will be implemented in R81.<BR />Do you have any proposals, ideas etc to this quickly or remains the old solution: check all of them manually .<BR />I want avoid of mistakes, because it can cause service distruptions.</P><P>version: MGMT:R80.40, GW:R80.30</P><P>Looking forward to your answers,</P><P>Akos</P> Thu, 08 Oct 2020 15:20:43 GMT https://community.checkpoint.com/t5/General-Topics/delete-unused-NAT-rules/m-p/98566#M19253 AkosBakos 2020-10-08T15:20:43Z https://community.checkpoint.com/t5/General-Topics/delete-unused-NAT-rules/m-p/98571#M19254 <P>Just throwing out an option I may try... depending on the volume of data , you can setup a free Splunk server (I believe the free version of Splunk is 500M of data a day), or ELK, forward your logs there. You can write a query and see which ones are being hit.&nbsp;</P><P>&nbsp;</P> Thu, 08 Oct 2020 15:55:59 GMT https://community.checkpoint.com/t5/General-Topics/delete-unused-NAT-rules/m-p/98571#M19254 Mike_A 2020-10-08T15:55:59Z https://community.checkpoint.com/t5/General-Topics/delete-unused-NAT-rules/m-p/98582#M19256 <P>Really, your only option is to look at what’s been logged.<BR />A third party SIEM might be helpful here but even without that, you might be able to process the logs and see what rule(s) are logged or not.<BR />Its not foolproof of course, but it’s really the only piece of data you have to work with.</P> Thu, 08 Oct 2020 17:16:46 GMT https://community.checkpoint.com/t5/General-Topics/delete-unused-NAT-rules/m-p/98582#M19256 PhoneBoy 2020-10-08T17:16:46Z https://community.checkpoint.com/t5/General-Topics/delete-unused-NAT-rules/m-p/98599#M19258 <P>Or wait for the hitcounters on NAT rules in R81.</P> Thu, 08 Oct 2020 20:44:50 GMT https://community.checkpoint.com/t5/General-Topics/delete-unused-NAT-rules/m-p/98599#M19258 Maarten_Sjouw 2020-10-08T20:44:50Z https://community.checkpoint.com/t5/General-Topics/delete-unused-NAT-rules/m-p/98823#M19276 <P>Hi PhoneBoy,</P><P>Last night I dreamed from this scenario :-):</P><P>We are Check Point partner, and we can download the R81 EA.</P><P>If we install SmartCenter on R81 version, and we migrating the rulebase into, will we able to send the logs with #log exporter from the R80.40 log server?</P><P>I could work?&nbsp; Or is it a blind track?</P><P><SPAN>Looking forward to your answer,</SPAN></P><P>Akos</P><P>&nbsp;</P> Mon, 12 Oct 2020 07:50:21 GMT https://community.checkpoint.com/t5/General-Topics/delete-unused-NAT-rules/m-p/98823#M19276 AkosBakos 2020-10-12T07:50:21Z https://community.checkpoint.com/t5/General-Topics/delete-unused-NAT-rules/m-p/98896#M19278 <P>Correct me if I';m wrong but to my knowledge the hitcounter is not filled from the logs on management but directly by the gateway.</P> <P>Therefore this scenario would not really work. Possibly Tufin or Algosec is able to do it that way.</P> Mon, 12 Oct 2020 14:42:33 GMT https://community.checkpoint.com/t5/General-Topics/delete-unused-NAT-rules/m-p/98896#M19278 Maarten_Sjouw 2020-10-12T14:42:33Z