Create a Post
Showing results for 
Search instead for 
Did you mean: 

show rule-hits with duplicated id rules

Hi everyone. I've SMB 1490 appliance with r77.20,87 Build 966. 


When I run 

my.firewall> show rule-hits

I get

Top Rule Hits
Rule Number Rule Hits
13 332620
6 283579
13 220694
6 69117
6 68935
13 65383
13 59987
6 50980
18 30623
5 26940
18 15382
5 13210
15 13197
15 10944
0 5905
0 5892

Why do rules id appear more than once? (13, 6, 18, 15, 0 ...)
Why does rule 0 appear? What does this rule id refer to?

0 Kudos
5 Replies

Sorry, no inline on SMB

Is this unit locally or centrally managed?
Rule number 0 is for implied rules.

Regards, Maarten
0 Kudos

Thaks for you reply, but I don't have inline layers. It's SMB 1490 locally managed without capacity to such layers.

Concern rule number 0, how do I can to know what implied rules (configuration) is matching for?
0 Kudos

The rule 0 hits are most probably the hits for management ports (however you normally would not see these in logs) and also things like VPN setup and authentication. Things that are allowed but does not have a rule for it.
Regards, Maarten

From what I've been able to see in TAC cases, multiple instances of a rule may refer to the different rulebases in SMB (inbound versus outbound).
Unfortunately, the platform doesn't provide a way to differentiate the hit counts currently.

Well, in fact some rules appear 4 times. It is unfortunate that I cannot have the visibility in this regard, to improve the order of the rules and with it the performance.


I appreciate your comments, thanks.

0 Kudos