#1. as Phoneboy wisely said, I believe the sharing of the Hitcount is a known limitation due to sharing of the RuleUID - still verifying for sure.

#2. for the Logs issue: That should work, as the inline layer rules are differentiated by their parent layer.

        Example: rule:5.x (or 9.x, like rule:5.1) should work & only show that exact rule's logs.

   Are you absolutely sure that don't have any logs matching the 2nd/3rd inline layers of 4.1 & 5.1?

   Did you check their Lower pane Logs view (Current Rule) -> No Logs at all.

   You're saying that rule:4.1's Current rule shows logs from all 3 layers (including from rules 5.1 & 9.1)?

Can you also share a few examples of logs from the 2nd/3rd inline layers showing matches from these rules? (5.x or 9.x?)

# Privately or publicly here, whichever suits you.

# Feel free to email me directly at: drora@checkpoint.com (Dror Aharony).

#1: Hitcount on shared inline layers > Currently a limitation. I'll try to push for a fix.

#2. Matching logs on different uses of same shared inline layer > as I said, It works in general.

      This has to be something specifically on your env. We'll need to investigate it, as there isn't an easy answer here.

      Can you share any logs matching the other inline layer rule uses (5.1 or 9.1)? [privately]

Hi,

according to your screenshot of the rule base, i'm wondering why do you think you will have hit on rules 5.1 and 9.1?

i'm not sure you should be matched on those rules.

Rule 5 is traffic that goes from External Zone to specific web server so how 5.1 will be matched?

Rule 9 is any any with RDP services how 9.1 will be matched?