Noz
Employee

Find/Remove unused NAT rules

Hi, all.

I'm working on a method of identifying unused NAT rules and eliminating them. FW rules are easy enough because they have hit counters. NAT rules currently do not.

I know hit count for NAT rules is supported in R81, but the customer is looking for a workaround in current architecture (R80.40).

I can imagine that it may be possible to use API calls to dump both rulebases and compare the objects in each to find which are mutually exclusive. Then we would understand which objects are used in the NAT rulebase and not in the FW rulebase.

Has anybody successfully achieved the above scenario? If so, could you share your methodology with me?

Thanks,

Noah G

2 Replies
PhoneBoy
Admin

You also have to keep in mind that NAT rules may be created as a result of object definitions.
That makes actually getting all the NAT rules a little more complicated than analyzing an Access Policy.

Noz
Employee

It's probably a more delicate process than I let on, but I was hoping for advice on scoping out a method and potential limitations. I'm sure somebody's had a similar idea.

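An added example, not code from this thread or from Check Point, sketching the comparison the original post describes while honouring the caveat in the first reply about NAT rules that come from object definitions. It assumes both rulebases were exported with mgmt_cli to JSON; the field names it relies on (original-source, auto-generated, objects-dictionary, nested rulebase for sections) are an assumption to verify against the R80.40 Management API reference before running it on real exports.

```python
# Constructed sample data, shaped like `mgmt_cli show-access-rulebase ...` and
# `mgmt_cli show-nat-rulebase ... --format json` output after json.load(). The field
# names are an assumption: check them against the R80.40 Management API reference.
ACCESS = {"rulebase": [
    {"source": ["u-web"], "destination": ["u-any"], "service": ["u-http"]},
    {"name": "DB section", "rulebase": [  # sections nest their own rulebase
        {"source": ["u-db"], "destination": ["u-any"], "service": ["u-sql"]}]}]}
NAT = {"rulebase": [
    {"name": "web hide", "auto-generated": False, "original-source": "u-web",
     "original-destination": "u-any", "original-service": "u-any", "translated-source": "u-web-pub"},
    {"name": "legacy hide", "auto-generated": False, "original-source": "u-legacy",
     "original-destination": "u-any", "original-service": "u-any", "translated-source": "u-hide"},
    {"name": "db auto", "auto-generated": True, "original-source": "u-db", "translated-source": "u-db-pub"}],
    "objects-dictionary": [
        {"uid": "u-web", "name": "web_srv"}, {"uid": "u-legacy", "name": "legacy_srv"},
        {"uid": "u-db", "name": "db_srv"}, {"uid": "u-any", "name": "Any"},
        {"uid": "u-http", "name": "http"}, {"uid": "u-sql", "name": "sql"}]}

ACCESS_FIELDS = ("source", "destination", "service")
NAT_ORIG_FIELDS = ("original-source", "original-destination", "original-service")

def walk_rules(rulebase):
    """Yield leaf rules, descending into sections that carry a nested 'rulebase'."""
    for item in rulebase:
        if "rulebase" in item:
            yield from walk_rules(item["rulebase"])
        else:
            yield item

def access_uids(access):
    """Every object UID the Access policy matches on (source/destination/service)."""
    return {u for r in walk_rules(access["rulebase"]) for f in ACCESS_FIELDS for u in r.get(f, [])}

def unreferenced_nat_rules(access, nat):
    """Manual NAT rules whose original-* objects never appear in the Access policy, as
    [(rule name, [unreferenced object names])]. 'Any' is ignored (it appears everywhere);
    auto-generated rules are skipped because they stem from an object's NAT settings, so
    the object, not a rule, is what would be cleaned up. Treat the result as a review list."""
    used = access_uids(access)
    names = {o["uid"]: o["name"] for o in nat.get("objects-dictionary", [])}
    findings = []
    for rule in walk_rules(nat["rulebase"]):
        if rule.get("auto-generated"):
            continue  # the case the reply above points out: not a rulebase entry to delete
        orig = {rule[f] for f in NAT_ORIG_FIELDS if f in rule and names.get(rule[f]) != "Any"}
        missing = orig - used
        if missing:
            findings.append((rule["name"], sorted(names.get(u, u) for u in missing)))
    return findings
```

With the constructed data only "legacy hide" is reported, since legacy_srv appears in no Access rule; a flagged rule can still be live (NAT rule order, other layers), so confirm before deleting.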
