Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
LuisSP
Collaborator

show rule-hits with duplicated id rules

Hi everyone. I've SMB 1490 appliance with r77.20,87 Build 966. 

 

When I run 

my.firewall> show rule-hits

I get

Top Rule Hits
-------------
Rule Number Rule Hits
13 332620
6 283579
13 220694
6 69117
6 68935
13 65383
13 59987
6 50980
18 30623
5 26940
18 15382
5 13210
15 13197
15 10944
0 5905
0 5892
.....

Why do rules id appear more than once? (13, 6, 18, 15, 0 ...)
Why does rule 0 appear? What does this rule id refer to?

0 Kudos
5 Replies
Maarten_Sjouw
Champion
Champion

Sorry, no inline on SMB

Is this unit locally or centrally managed?
Rule number 0 is for implied rules.

Regards, Maarten
0 Kudos
LuisSP
Collaborator

Thaks for you reply, but I don't have inline layers. It's SMB 1490 locally managed without capacity to such layers.

Concern rule number 0, how do I can to know what implied rules (configuration) is matching for?
0 Kudos
Maarten_Sjouw
Champion
Champion

The rule 0 hits are most probably the hits for management ports (however you normally would not see these in logs) and also things like VPN setup and authentication. Things that are allowed but does not have a rule for it.
Regards, Maarten
PhoneBoy
Admin
Admin

From what I've been able to see in TAC cases, multiple instances of a rule may refer to the different rulebases in SMB (inbound versus outbound).
Unfortunately, the platform doesn't provide a way to differentiate the hit counts currently.
LuisSP
Collaborator

Well, in fact some rules appear 4 times. It is unfortunate that I cannot have the visibility in this regard, to improve the order of the rules and with it the performance.

 

I appreciate your comments, thanks.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events