cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Sven_Glock
Silver

Hit Counters

Jump to solution

Hi all,

does someone know how exactly hitcounters are working?

I know there is a special database in the management (I am running R77.30).

When hitting a specific rule it takes some minutes until I can see the hit count even if logging is enabled or not,

but what exactly happens in the meanwhile any does it take some time?

Thanks in advance to get clarification Smiley Happy

BR

Sven

1 Solution

Accepted Solutions

Re: Hit Counters

Jump to solution

The gateway only pushes hit count updates to the SMS every so often (3 hours I think?), but from the R77.30 SmartDashboard you can perform an immediate pull of the latest gateway hit counts by right-clicking the "Hits" policy column title and selecting Refresh.  A policy reinstallation will also update the hit counts.  If that still doesn't work there are some various SKs such as sk79240 and sk90040 to figure out why hit counts aren't working/updating.

The ability to do an immediate pull of the latest hit counts from the gateway does not appear to exist in the R80 or R80.10 SmartConsole, at least from what I can tell.  A policy installation to the relevant gateway will still update hit counts immediately though.

--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com
5 Replies
Highlighted
Sven_Glock
Silver

Re: Hit Counters

Jump to solution

Typo: but what exactly happens in the meanwhile any does it take some time? --> but what exactly happens in the meanwhile and why does it take some time?

0 Kudos

Re: Hit Counters

Jump to solution

The gateway only pushes hit count updates to the SMS every so often (3 hours I think?), but from the R77.30 SmartDashboard you can perform an immediate pull of the latest gateway hit counts by right-clicking the "Hits" policy column title and selecting Refresh.  A policy reinstallation will also update the hit counts.  If that still doesn't work there are some various SKs such as sk79240 and sk90040 to figure out why hit counts aren't working/updating.

The ability to do an immediate pull of the latest hit counts from the gateway does not appear to exist in the R80 or R80.10 SmartConsole, at least from what I can tell.  A policy installation to the relevant gateway will still update hit counts immediately though.

--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com
Sven_Glock
Silver

Re: Hit Counters

Jump to solution

Thanks for you answer, Tim! It is very helpful!

0 Kudos

Re: Hit Counters

Jump to solution

Just to update this rather old thread, a CCSA student noticed that the Hit Count column is hidden by default in R80.10 management and asked why.  While that column can be restored by right clicking on the column titles in SmartConsole, the best answer I could come up with is that while the Hit Count field can still be effective to locate rules that are disused, it is ineffective starting with R80.10 gateway for determining which rules are the most commonly hit and should be moved up in the rule base to increase rulebase matching efficiency.  I'd surmise that this is due to the new Column-based Matching feature described here:  Unified Policy Column-based Rule Matching 

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com
0 Kudos
Admin
Admin

Re: Hit Counters

Jump to solution

Agree "hit count" is less interesting in R80.10 due to how rules are matched.

It's still useful for older gateways and when you want to eliminate unused rules, though.

0 Kudos