Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
RobertoQ
Employee
Employee

Use Check Point Compliance Blade for unused rules in Firewall rulebase

The upcoming new release R81.10 will bring back the capability to Compliance and Best Practices to report on unused Access Control rules. Earlier R8x versions architecture constrains forced R&D to remove this capability listed as ‘Best Practices rule FW145’.

This capability reports all Access Control Rules haven’t been used over the last six months. The logic is checking the ‘hit count’ value of the rules and it can be modified to report even on a custom time frame for example on the last three months. The capability will be integrated into the R81.10 release as part of a Jumbo Hotfix content expected to be available soon after initial release.

Below is sample screen shot of FW145:

default-bp.png

In R81.10 Jumbo Fix there is also the option to create a new Custom Best Practice with a rule ‘hit count’ time frame definition.  It’s located in the ‘Advanced Settings’ when you create a new Firewall Best Practice. 

create-fw-bp.png

bp-result.png

*Please note that rules inline layers are being checked as well.  The parent rule of inline layers are usually not src='Any' Dst ='Any' or 'Internet'. Hence, even though the inline layer rule states src='Any' Dst ='Any' or 'Internet' , the traffic that reaches the inline layer for matching may be skipped because of the parent definition. 

0 Replies