Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
AkosBakos
Collaborator

delete unused NAT rules

Dear All,

I have over 4000 of NAT rules, and I want to purge the unused ones. (there are a lot of legacy rules)
I know there is no hit count on them, this feature will be implemented in R81.
Do you have any proposals, ideas etc to this quickly or remains the old solution: check all of them manually .
I want avoid of mistakes, because it can cause service distruptions.

version: MGMT:R80.40, GW:R80.30

Looking forward to your answers,

Akos

0 Kudos
5 Replies
Mike_A
Advisor

Just throwing out an option I may try... depending on the volume of data , you can setup a free Splunk server (I believe the free version of Splunk is 500M of data a day), or ELK, forward your logs there. You can write a query and see which ones are being hit. 

 

PhoneBoy
Admin
Admin

Really, your only option is to look at what’s been logged.
A third party SIEM might be helpful here but even without that, you might be able to process the logs and see what rule(s) are logged or not.
Its not foolproof of course, but it’s really the only piece of data you have to work with.

Maarten_Sjouw
Champion
Champion

Or wait for the hitcounters on NAT rules in R81.

Regards, Maarten
AkosBakos
Collaborator

Hi PhoneBoy,

Last night I dreamed from this scenario :-):

We are Check Point partner, and we can download the R81 EA.

If we install SmartCenter on R81 version, and we migrating the rulebase into, will we able to send the logs with #log exporter from the R80.40 log server?

I could work?  Or is it a blind track?

Looking forward to your answer,

Akos

 

0 Kudos
Maarten_Sjouw
Champion
Champion

Correct me if I';m wrong but to my knowledge the hitcounter is not filled from the logs on management but directly by the gateway.

Therefore this scenario would not really work. Possibly Tufin or Algosec is able to do it that way.

Regards, Maarten

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events