aharihara
Contributor

Identify shadow rules

Is there a way to identify shadow or redundant rules? I have used Algosec with a different customer, but with the latest R81.x I heard that Algosec is not feasible because of the layers and zone-based policies. There are a few thousand rules that need to be reconciled across multiple gateways, and I need to know a way to do this effectively. Has anyone been in a similar situation and has a solution for this?

Thanks!

3 Replies
Chris_Atkinson
Employee

SmartOptimize or other analysis leveraging the APIs seem like the most logical approach.

sk161574 may also be relevant here.

CCSM R77/R80/ELITE
PhoneBoy
Admin

One common optimization tactic is to eliminate rules that have zero hit count.
There is a script for that: https://community.checkpoint.com/t5/API-CLI-Discussion/Disable-Delete-Rules-with-a-Zero-Hit-Count-MD... 

the_rock
Legend

I agree with the guys. I will tell you what I always do. Is it the best way to do this? Probably not, but I find it useful. I simply export the rules in CSV format and then look for zero hits and also disabled rules.
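
The CSV review described in this thread, extended to the shadow/redundant check the original question asks about, as an added example that is not part of any post above and is not Check Point tooling. It assumes a single flat, ordered layer with first-match semantics; the column names and sample rows are constructed for illustration and are not the layout of a real SmartConsole export.

```python
import csv
import io
from ipaddress import ip_network

# Constructed sample; column names are assumptions, not a real export layout.
SAMPLE_CSV = """No,Source,Destination,Service,Action,Hits,Enabled
1,Any,10.1.0.0/16,tcp/443;tcp/80,Accept,120934,true
2,192.0.2.0/24,10.1.5.0/24,tcp/443,Accept,0,true
3,10.2.0.0/16,10.9.9.0/24,tcp/21,Accept,0,true
4,10.3.0.0/16,10.1.0.0/16,tcp/22,Accept,0,false
5,198.51.100.0/24,10.1.5.0/24,tcp/80,Drop,0,true
6,Any,Any,Any,Drop,88211,true
"""

def cell(value, convert):
    """';'-separated cell -> list of converted items; None stands for Any."""
    if value.strip().lower() == "any":
        return None
    return [convert(v.strip()) for v in value.split(";")]

def covers(outer, inner, item_in):
    """True if every item of `inner` is matched by some item of `outer`."""
    if outer is None or inner is None:
        return outer is None
    return all(any(item_in(i, o) for o in outer) for i in inner)

def net_in(i, o):
    return i.version == o.version and i.subnet_of(o)

def analyze(csv_text):
    rules = [{"no": int(r["No"]), "action": r["Action"].lower(), "hits": int(r["Hits"]),
              "enabled": r["Enabled"].lower() == "true",
              "src": cell(r["Source"], ip_network), "dst": cell(r["Destination"], ip_network),
              "svc": cell(r["Service"], str.lower)}
             for r in csv.DictReader(io.StringIO(csv_text))]
    active = [r for r in rules if r["enabled"]]  # disabled rules never match traffic
    covered = []
    for idx, late in enumerate(active):
        for early in active[:idx]:  # first earlier rule that alone covers `late`
            if (covers(early["src"], late["src"], net_in)
                    and covers(early["dst"], late["dst"], net_in)
                    and covers(early["svc"], late["svc"], lambda i, o: i == o)):
                kind = "redundant" if early["action"] == late["action"] else "shadowed"
                covered.append((late["no"], early["no"], kind))
                break
    return {"zero_hit": [r["no"] for r in active if r["hits"] == 0],
            "disabled": [r["no"] for r in rules if not r["enabled"]],
            "covered": covered}
```

Here "redundant" means an earlier rule already covers the match with the same action, and "shadowed" means it covers the match with a different action. A rule covered only by the union of several earlier rules is not detected by this sketch.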
