https://community.checkpoint.com/t5/General-Topics/Firewall-Automating-Firewall-Rule-Cleanup-Based-on-Usage/m-p/254326#M42735 <P>Hi All</P><P>We’re starting a firewall rule review project across two clusters with over 1000 rules. (Identify, disabele, and after one week delete...)<BR /><BR />We want to automatically identify:&nbsp;</P><UL><LI><P>Rules that were created and have <STRONG>never been used</STRONG></P></LI><LI><P>Rules that were created and with <STRONG>no traffic in over a year</STRONG></P></LI><LI><P>Rules that <STRONG>previously had traffic but have been inactive for 12+ months</STRONG></P></LI></UL><P>Is there a recommended way to extract this information accurately, we don want to do this manually!&nbsp;<BR /><BR />Thanks in advance!</P> Thu, 31 Jul 2025 09:46:49 GMT AfterMath 2025-07-31T09:46:49Z https://community.checkpoint.com/t5/General-Topics/Firewall-Automating-Firewall-Rule-Cleanup-Based-on-Usage/m-p/254326#M42735 <P>Hi All</P><P>We’re starting a firewall rule review project across two clusters with over 1000 rules. (Identify, disabele, and after one week delete...)<BR /><BR />We want to automatically identify:&nbsp;</P><UL><LI><P>Rules that were created and have <STRONG>never been used</STRONG></P></LI><LI><P>Rules that were created and with <STRONG>no traffic in over a year</STRONG></P></LI><LI><P>Rules that <STRONG>previously had traffic but have been inactive for 12+ months</STRONG></P></LI></UL><P>Is there a recommended way to extract this information accurately, we don want to do this manually!&nbsp;<BR /><BR />Thanks in advance!</P> Thu, 31 Jul 2025 09:46:49 GMT https://community.checkpoint.com/t5/General-Topics/Firewall-Automating-Firewall-Rule-Cleanup-Based-on-Usage/m-p/254326#M42735 AfterMath 2025-07-31T09:46:49Z https://community.checkpoint.com/t5/General-Topics/Firewall-Automating-Firewall-Rule-Cleanup-Based-on-Usage/m-p/254335#M42737 <P>Have you explored API options and Policy Insights?</P> <P><A href="https://community.checkpoint.com/t5/API-CLI-Discussion/Retrieving-Rule-Hit-Count-and-Unused-Rules-Information-via-API/td-p/191561" target="_blank">https://community.checkpoint.com/t5/API-CLI-Discussion/Retrieving-Rule-Hit-Count-and-Unused-Rules-Information-via-API/td-p/191561</A></P> <P><A href="https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SecurityManagement_AdminGuide/Content/Topics-SECMG/Policy_Insights.htm" target="_blank">https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SecurityManagement_AdminGuide/Content/Topics-SECMG/Policy_Insights.htm</A></P> <P>&nbsp;</P> Thu, 31 Jul 2025 13:03:23 GMT https://community.checkpoint.com/t5/General-Topics/Firewall-Automating-Firewall-Rule-Cleanup-Based-on-Usage/m-p/254335#M42737 Chris_Atkinson 2025-07-31T13:03:23Z https://community.checkpoint.com/t5/General-Topics/Firewall-Automating-Firewall-Rule-Cleanup-Based-on-Usage/m-p/254336#M42738 <P>Check Point has a <A href="https://github.com/CheckPointSW/PolicyCleanUp" target="_self">PolicyCleanUp</A> tool for this task.<BR />Personally I'd <A href="https://community.checkpoint.com/t5/API-CLI-Discussion/HowTo-Export-a-Security-Policy-to-Excel/m-p/132296/highlight/true#M6356" target="_self">export the security policy to excel</A> and just sort by first / last hit count to identify the rules in question.<BR />Alternatively you could create your own bash / python script to automate the task regarding your specific demand.</P> Thu, 31 Jul 2025 13:13:28 GMT https://community.checkpoint.com/t5/General-Topics/Firewall-Automating-Firewall-Rule-Cleanup-Based-on-Usage/m-p/254336#M42738 Danny 2025-07-31T13:13:28Z https://community.checkpoint.com/t5/General-Topics/Firewall-Automating-Firewall-Rule-Cleanup-Based-on-Usage/m-p/254337#M42739 <P>Great advice Danny, was not aware of this tool.</P> <P>Andy</P> Thu, 31 Jul 2025 13:29:39 GMT https://community.checkpoint.com/t5/General-Topics/Firewall-Automating-Firewall-Rule-Cleanup-Based-on-Usage/m-p/254337#M42739 the_rock 2025-07-31T13:29:39Z https://community.checkpoint.com/t5/General-Topics/Firewall-Automating-Firewall-Rule-Cleanup-Based-on-Usage/m-p/255394#M42937 <P>Thanks for sharing this tool!</P> <P>PolicyCleanUp is very useful, but it's worth mentioning that it only deals with cleaning up "un-hit" rules.</P> <P>If you want to really tighten your policy, you might still have many rules that include un-hit objects or very wide networks or groups that only a small subset of them are in use.</P> <P>Policy Insights (GA for a while now on R81.20 and above) will help you do a deep clean with prioritized recommendations for un-hit rules, un-hit objects and overly permissive groups / networks. It will even give some recommendations for group reuse to make your policy more readable.</P> <P>Definitely worth trying it out.</P> Tue, 19 Aug 2025 07:47:20 GMT https://community.checkpoint.com/t5/General-Topics/Firewall-Automating-Firewall-Rule-Cleanup-Based-on-Usage/m-p/255394#M42937 Tomer_Noy 2025-08-19T07:47:20Z