Sven_Glock
Advisor

Hit Counters

Hi all,

does someone know how exactly hitcounters are working?

I know there is a special database in the management (I am running R77.30).

When hitting a specific rule it takes some minutes until I can see the hit count even if logging is enabled or not,

but what exactly happens in the meanwhile any does it take some time?

Thanks in advance to get clarification

BR

Sven

Accepted Solutions
Timothy_Hall
Champion

The gateway only pushes hit count updates to the SMS every so often (3 hours I think?), but from the R77.30 SmartDashboard you can perform an immediate pull of the latest gateway hit counts by right-clicking the "Hits" policy column title and selecting Refresh.  A policy reinstallation will also update the hit counts.  If that still doesn't work there are some various SKs such as sk79240 and sk90040 to figure out why hit counts aren't working/updating.

The ability to do an immediate pull of the latest hit counts from the gateway does not appear to exist in the R80 or R80.10 SmartConsole, at least from what I can tell.  A policy installation to the relevant gateway will still update hit counts immediately though.

--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com

5 Replies
Sven_Glock
Advisor

Typo: but what exactly happens in the meanwhile any does it take some time? --> but what exactly happens in the meanwhile and why does it take some time?

0 Kudos
Sven_Glock
Advisor

Thanks for your answer, Tim! It is very helpful!

0 Kudos
Timothy_Hall
Champion

Just to update this rather old thread, a CCSA student noticed that the Hit Count column is hidden by default in R80.10 management and asked why.  While that column can be restored by right clicking on the column titles in SmartConsole, the best answer I could come up with is that while the Hit Count field can still be effective to locate rules that are disused, it is ineffective starting with R80.10 gateway for determining which rules are the most commonly hit and should be moved up in the rule base to increase rulebase matching efficiency.  I'd surmise that this is due to the new Column-based Matching feature described here:  Unified Policy Column-based Rule Matching 

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
PhoneBoy
Admin

Agree "hit count" is less interesting in R80.10 due to how rules are matched.

It's still useful for older gateways and when you want to eliminate unused rules, though.

0 Kudos
