Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Sanjay_S
Advisor

Hi All,

May i know how the hit counts on the ACL is updated. Because we have enabled logging for the ACL and can see hit count for that ACL is around 10k but all of sudden it will be 0 hits and then after few days it will show some count. So not really understood how it works. Does it update every day, every week? Please help. This is quite important for us to remove some unwanted rules configured on the firewall.

Regards,

Sanjay S

0 Kudos
7 Replies
Sanjay_S
Advisor

Also does the Hit Count for an ACL depends on the logging we enable on the rule? Can i get more info on this please.

0 Kudos
Uriel_F
Employee
Employee

Indeed most of the information can be found in the above articles.

Specifically regarding the above questions: 

1. The above situation sounds like an issue encountered in the past and described in sk138033: Hit Count stays at 0 for some rules, please follow the instructions in the SK, if the issue is not resolved, please open a support ticket, so we can assist you.

2. Does the Hit Count for an ACL depends on the logging we enable on the rule? No you don't have to turn on logs on any rule to get hitcount information, the pre-requisite is to make sure Hit Count is enabled. First from File->Global Properties->Hitcount. Afterwords open the relevant gateway object, and make sure Hit Count is enabled in the Hit Count page

Timothy_Hall
Legend Legend
Legend

Hit counts are normally updated every 3 hours, except right after a policy installation where they are updated every 60 seconds for 3 minutes (3 times in total).  How far back the hit counts go historically is controlled from a Global Properties setting and may be set anywhere between 3 months to 2 years, but usually defaults to either 3 or 6 months depending on your version and how you got there (i.e. upgrades vs. fresh install). 

This SK should answer any other questions you might have: sk79240: Hit Count debugging

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
G_W_Albrecht
Legend Legend
Legend

Should rather be called sk79240: ATRG: Hit Count 😎

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Sanjay_S
Advisor

This was really helpful to understand that there is no connection between enabling logging and the Hit count for the rules. They both are different features of Checkpoint. But one doubt which i raised initially, why does the rule shows 0 hits today and tomorrow it will show some thousands of hits. Thought File->Global Properties->Hitcount is set to 3Months and no specific configuration on the rules for HitCount. Any suggestions on this?

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Did you look into it using sk138033: Hit Count stays at 0 for some rules ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events