Objects Utilization Report

Sorin_Gogean · ‎2022-06-08

Hello everyone,

We're in a process to clean-up the old objects that we have on our CheckPoint environment. For that, we were using until last year, usage reports on rules/groups/objects from AlgoSec, but today that option is not available anymore.

As example:

So, can you recommend a way to generate some Usage Reports on Groups/Objects, so we would easily identify the "obsolete" ones.

Thank you,

Timothy_Hall · ‎2022-06-08

I don't think you can can easily determine which objects are hit the most without doing some heavy log crunching with something like Algosec. However there is a hidden option in the Object Explorer that can show you completely unused objects:

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course

Sorin_Gogean · ‎2022-06-08

Hey @Timothy_Hall ,

Thank you for pointing that out,

I was aware of that option, but it shows the defined objects that are not used in any rule.

And most definitely we can use that for clean-ups of orphaned objects, but like you concluded we're looking for the other option "doing some heavy log crunching with something like Algosec".

In the end I'll play dumb and get an AlgoSec Demo for a month or so, and still have some better view/reporting, if no other tool can do this.

Ty,

Matlu · ‎2023-08-08

Hello,

Can I be 100% sure and confident that this option shows me all those objects that are not being used, and therefore, I can safely remove them from the SMS?

I currently have an SMS Smart-1, which is showing me more than 500 Items "apparently" that are not being used.

Greetings.

the_rock · ‎2023-08-08

Hey bro,

Yes, I am 100% POSITIVE the ones that show up in unused objects are indeed unused. I feel confident about it, because I went over that in at least 5 different labs and 2 of them had probably close to 100 objects showing there and I clicked on "where used" on every single one of them and it was not used anywhere. I always say to people, just to be on the safe side, you can do the same, but backup/migrate_server is better to have, just in case.

Andy

Matlu · ‎2023-08-08

Thank you for clarifying my doubt.

One question I have is, deleting such a large number of objects (more than 500), doing it manually through the SmartConsole, is too exhausting.

Are there ways/options to delete such amount of objects that are already "unusable"?

Thank you. 🙂

the_rock · ‎2023-08-08

Yes, you have to keep clicking CTRL to highlght as many as you can and then delete them.

Andy

the_rock · ‎2023-08-08

You can also do CTRL+A to highlight all of them, but does not always work lol

Andy

Matlu · ‎2023-08-08

Thank you.

I will delete all the objects listed as "not used".

Some objects in the MODIFIER field are listed as "WEB API" and "System".

I guess that shouldn't worry us, right?

As long as they are listed as unused, we can delete them with peace of mind.

the_rock · ‎2023-08-08

Si senor 🙂

Bob_Zimmerman · ‎2023-08-09

One SUPER IMPORTANT NOTE: Automatic NAT counts as a property of the object, not as a use of the object. Deleting an object which has automatic NAT rules can break stuff, even if Where Used says the object is not used.

Timothy_Hall · ‎2023-08-08

Yes as @the_rock said the Unused Objects is 100% accurate. In much older releases there was an issue where objects could show up here even though they implemented needed Automatic NAT rules in their properties, and when the objects were removed the results were...unfortunate for NAT functionality. Thankfully that was fixed long ago.

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course

Bob_Zimmerman · ‎2023-08-09

Unfortunately, still an issue as of R81.10 jumbo 110.

Henrik_Noerr1 · ‎2023-08-09

wow, that is toxic.

Thanks for bringing it up

the_rock · ‎2023-08-09

I noticed in R81.20 as well..

Timothy_Hall · ‎2023-08-09

Reading this thread I knew something was wrong here as I remember this issue being fixed. I tested it in my lab and what I remember being rectified is not the "Where Used" function that @Bob_Zimmerman correctly points out, but the "Unused Objects" setting on the Objects Explorer, which does exhibit the proper behavior when Automatic NAT rules are present as shown below. This was on R81.20 but I'm confident the fix was introduced somewhere in R80.X0 releases:

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course

the_rock · ‎2023-08-09

Yep, thats 100% the case. Just did it in my R81.20 lab and exact same results.

Andy

Matlu · ‎2023-08-09

Hello,

So, according to the latest comments I'm reading.

It is no longer 100% safe to "delete everything" that appears in "Unused Objects"?

I would still have to manually check every single object before "deleting" it?

😞

Greetings.

the_rock · ‎2023-08-09

If there is nat on the object, then it will NOT show as hidden. Sorry, I meant unused.

Andy

Matlu · ‎2023-08-09

If I have an object with an "AUTOMATIC NAT", will this type of object not appear in the "UNUSED OBJECTS" list?

This is my understanding.

Is my interpretation correct?

Then, I can "recover" the faith in the UNUSED OBJECTS (and delete what appears in this list, without fear).

😇

the_rock · ‎2023-08-09

Correct bro. Any object with nat, static or dynamic, will NOT appear in unused object.

Andy

Matlu · ‎2023-08-09

Ok.

Then, I can debug, without fear.

Thanks for your help.

the_rock · ‎2023-08-09

No problem.

the_rock · ‎2023-08-09

Regardless, I would still always generate backup/migrate_server.

Andy

Matlu · ‎2023-08-09

Oka.

I see that you recommend, to take the backup, with the "migrate_server export".

Is it no longer recommended to use the "migrate export"?

the_rock · ‎2023-08-09

https://support.checkpoint.com/results/sk/sk135172

Are you a member of CheckMates?

Objects Utilization Report