Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Nickel

show rule-hits with duplicated id rules

Hi everyone. I've SMB 1490 appliance with r77.20,87 Build 966. 

 

When I run 

my.firewall> show rule-hits

I get

Top Rule Hits
-------------
Rule Number Rule Hits
13 332620
6 283579
13 220694
6 69117
6 68935
13 65383
13 59987
6 50980
18 30623
5 26940
18 15382
5 13210
15 13197
15 10944
0 5905
0 5892
.....

Why do rules id appear more than once? (13, 6, 18, 15, 0 ...)
Why does rule 0 appear? What does this rule id refer to?

0 Kudos
5 Replies
Highlighted

Sorry, no inline on SMB

Is this unit locally or centrally managed?
Rule number 0 is for implied rules.

Regards, Maarten
0 Kudos
Highlighted
Nickel

Thaks for you reply, but I don't have inline layers. It's SMB 1490 locally managed without capacity to such layers.

Concern rule number 0, how do I can to know what implied rules (configuration) is matching for?
0 Kudos
Highlighted

The rule 0 hits are most probably the hits for management ports (however you normally would not see these in logs) and also things like VPN setup and authentication. Things that are allowed but does not have a rule for it.
Regards, Maarten
Highlighted
Admin
Admin

From what I've been able to see in TAC cases, multiple instances of a rule may refer to the different rulebases in SMB (inbound versus outbound).
Unfortunately, the platform doesn't provide a way to differentiate the hit counts currently.
Highlighted
Nickel

Well, in fact some rules appear 4 times. It is unfortunate that I cannot have the visibility in this regard, to improve the order of the rules and with it the performance.

 

I appreciate your comments, thanks.

0 Kudos