aharihara
Contributor

Identify shadow rules

Is there a way to identify the shadow or redundant rules? I have used Algosec with a different customer, but with the latest R81.x I heard that Algosec is not feasible because of the layers and zone-based policies. There are a few thousand rules that need to be reconciled across multiple gateways, and I need to know a way to do this effectively. Has anyone been in a similar situation and has a solution for this?

Thanks!

0 Kudos
3 Replies
Chris_Atkinson
Employee

SmartOptimize or other analysis leveraging the APIs seem like the most logical approach.

sk161574 may also be relevant here.

PhoneBoy
Admin

One common optimization tactic is to eliminate rules that have zero hit count.
There is a script for that: https://community.checkpoint.com/t5/API-CLI-Discussion/Disable-Delete-Rules-with-a-Zero-Hit-Count-MD... 

the_rock
Legend

I agree with the guys. I will tell you what I always do... Is it the best way to do this? Probably not, but I find it useful. I simply export the rules in CSV format and then look for zero hits and also disabled rules.

(Attachments: Screenshot_1.png, Screenshot_2.png)

0 Kudos
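The CSV approach the_rock describes, as an added example that is not from this thread or from Check Point: a Python script that parses a constructed rulebase export and flags zero-hit rules, disabled rules, and shadowed rules (a rule whose source, destination and service are all already matched by an earlier enabled rule, so it can never be hit). The column names, the `;` separator inside a cell and the `Any` convention are assumptions; a real SmartConsole export or API output has to be mapped onto them, and object groups, negated cells, zones and layers are not resolved here.

```python
import csv
import io

# Constructed sample resembling a rulebase CSV export. The header names and
# cell formats are assumptions for illustration, not a real export layout.
SAMPLE_CSV = """No.,Name,Source,Destination,Service,Action,Enabled,Hits
1,allow-web,Any,web-srv,http;https,Accept,true,120345
2,allow-web-dup,branch-net,web-srv,http,Accept,true,0
3,block-smtp,Any,Any,smtp,Drop,true,17
4,old-smtp,dmz-net,mail-srv,smtp,Accept,false,0
5,dns-out,lan-net,Any,dns,Accept,true,4410
"""

def covers(upper: str, lower: str) -> bool:
    """True if every object in the lower rule's cell is matched by the upper rule's cell.
    'Any' in the upper cell matches everything; 'Any' in the lower cell needs 'Any' above."""
    up = set(upper.split(";"))
    if "Any" in up:
        return True
    return set(lower.split(";")) <= up

def load_rules(text: str) -> list[dict]:
    """Parse the export and normalise the Hits and Enabled columns."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        r["Hits"] = int(r["Hits"])
        r["Enabled"] = r["Enabled"].lower() == "true"
    return rows

def analyse(rules: list[dict]) -> dict[str, list[str]]:
    """Flag zero-hit, disabled and shadowed rules, in rulebase order.
    Shadowing is checked regardless of action: an earlier matching rule with the
    same action makes the lower rule redundant, with a different action it makes
    it unreachable, and in both cases the lower rule will never see a hit."""
    findings = {"zero_hit": [], "disabled": [], "shadowed": []}
    for i, r in enumerate(rules):
        if not r["Enabled"]:
            findings["disabled"].append(r["Name"])
        elif r["Hits"] == 0:
            findings["zero_hit"].append(r["Name"])
        for earlier in rules[:i]:  # only earlier, enabled rules can shadow
            if earlier["Enabled"] and all(
                covers(earlier[f], r[f]) for f in ("Source", "Destination", "Service")
            ):
                findings["shadowed"].append(f'{r["Name"]} (by {earlier["Name"]})')
                break
    return findings

if __name__ == "__main__":
    for kind, names in analyse(load_rules(SAMPLE_CSV)).items():
        print(f"{kind}: {names}")
```

A zero-hit rule that is also shadowed is a candidate for removal; a zero-hit rule that is not shadowed may simply guard traffic that has not occurred within the hit-count window, so check the counter's reset date before deleting it.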