This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Kid555
Participant
‎2023-07-04 07:01 AM
Jump to solution

Set specific timestamp to determine hit count for all firewall rule in the SMS & Reset hitcount

Hi All,

I am checking if I can set specific timestamp to determine the hit count for all firewall rules in the SMS.

Tried looking around for SK but wasn't able to find one.

 

And can I confirm the below KB to reset the hit count for a specific rule/all rules?

How to reset Hit Count for a specific rule: SK111832

How to reset the Hit Count in R80.x: SK111162

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2023-07-05 08:23 AM
In response to Kid555
Jump to solution

This needs to be done through the API.
More precisely, you can query a specific Policy Layer to provide the hit counts since a given time (e.g. show-hits true hits-settings.from-date "2014-01-01")
See: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-access-rulebase~v1.9%20
I am not aware of a way to accomplish this in SmartConsole and will probably require a script. 

View solution in original post

7 Replies
_Val_
Admin
Admin
‎2023-07-04 08:31 AM
Jump to solution

The question is not clear, could you please elaborate? What are you trying to do?

0 Kudos
Kid555
Participant
‎2023-07-04 07:04 PM
In response to _Val_
Jump to solution

for the first inquiry, "Set specific timestamp to determine hit count for all firewall rule"

I want to check if there is a way for me to view/set the timestamp on every hitcount on all my firewall rules

0 Kudos
_Val_
Admin
Admin
‎2023-07-05 12:00 AM
In response to Kid555
Jump to solution

Once again, could you please elaborate, all rules in the policy package reset to 0, or just one/some of the rules

0 Kudos
Kid555
Participant
‎2023-07-05 12:12 AM
In response to _Val_
Jump to solution

Hi Val, Apologies for the confusion. 

Instead, can I enquire about this,

"Set specific timestamp to determine hit count for all firewall rules"

I want to check if there is a way for me to view/set the timestamp on every hit count on all my firewall rules?

0 Kudos
_Val_
Admin
Admin
‎2023-07-05 12:21 AM
In response to Kid555
Jump to solution

Depending on your SmartConsole settings, you see the number of hits for up to 3 months. Full info is in the user guide, for example: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SecurityManagement_AdminGuid...

 You can also shorten it to 1 day, 1 week, and 1 month, see the guide. 

With the solutions above, there are ways to reset either all hit DB or specific rules. After the reset, the hit counts will be accumulated according to your indication period, once again, up for three months. It is fair to say that, if you did not modify anything from default, all counters show you the last three-month data from this very point in time.

Hope it answers your question. If not, ask again 

0 Kudos
PhoneBoy
Admin
Admin
‎2023-07-05 08:23 AM
In response to Kid555
Jump to solution

This needs to be done through the API.
More precisely, you can query a specific Policy Layer to provide the hit counts since a given time (e.g. show-hits true hits-settings.from-date "2014-01-01")
See: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-access-rulebase~v1.9%20
I am not aware of a way to accomplish this in SmartConsole and will probably require a script. 

the_rock
Legend
Legend
‎2023-07-04 09:15 AM
Jump to solution

Hey @Kid555 

As far as first SK you pointed out, procedure is pretty simple and I tested it in my R81.20 lab and worked fine. Does it not work for you? Cause literally all you do is what it says, copy/paste the rule, then delete original rule, push policy, thats it. Also, something else worth pointing out (at least from my experience), I never found hit count to work CONSISTENTLY, until R1.20, where it works flawlessly. So, as long as your mgmt is on R81.20 and gateways at least R81+, even NAT policy rules hit count works as expected, which never worked properly before.

Andy

 

To reset the Hit Count for specific rule(s), proceed as follows:

  1. Open the relevant policy package via SmartConsole.

  2. Copy/paste the rule you want to reset Hit Count for.

  3. Delete the original rule.

  4. Install the Security policy.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events