The upcoming R81.10 release will bring back to Compliance and Best Practices the capability to report on unused Access Control rules. Architectural constraints in earlier R8x versions forced R&D to remove this capability, listed as 'Best Practice rule FW145'.
This capability reports all Access Control rules that have not been used over the last six months. The logic checks the 'hit count' value of each rule, and it can be modified to report on a custom time frame, for example the last three months. The capability will be integrated into the R81.10 release as part of a Jumbo Hotfix, expected to be available soon after the initial release.
Below is a sample screenshot of FW145:
In the R81.10 Jumbo Hotfix there is also the option to create a new Custom Best Practice with a rule 'hit count' time frame definition. It is located under 'Advanced Settings' when you create a new Firewall Best Practice.
*Please note that rules in inline layers are checked as well. The parent rule of an inline layer usually does not have src='Any' and dst='Any' or 'Internet'. Hence, even though an inline layer rule states src='Any' and dst='Any' or 'Internet', the traffic that reaches the inline layer for matching may be skipped because of the parent definition.
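To make the hit-count logic and the inline-layer caveat concrete, here is an added example (not Check Point's code and not the FW145 implementation) that walks a rulebase, flags rules with no hit inside a configurable time window, and annotates flagged inline-layer rules whose parent rule narrows the traffic that can reach them. The rulebase is constructed sample data; its field names, the nesting of the inline layer under an `inline-layer` key, and the use of the hit count's last-hit date to honour the time window are all assumptions made for this example.

```python
from datetime import date, timedelta

# Constructed sample data for this example. It is NOT real Management API
# output; the field names are an assumption chosen to resemble an Access
# Control rulebase, with an inline layer nested under the parent rule's
# "inline-layer" key. "last-date" is the assumed last-hit date (ISO format).
SAMPLE_RULEBASE = [
    {"name": "DNS out", "source": ["Any"], "destination": ["DNS_Servers"],
     "hits": {"value": 1200, "last-date": "2021-05-30"}},
    {"name": "Legacy FTP", "source": ["Any"], "destination": ["Any"],
     "hits": {"value": 3, "last-date": "2020-09-12"}},
    {"name": "Branch A", "source": ["Branch_A_Net"], "destination": ["Any"],
     "hits": {"value": 5000, "last-date": "2021-05-31"},
     "inline-layer": [
         {"name": "Branch A web", "source": ["Any"], "destination": ["Internet"],
          "hits": {"value": 4900, "last-date": "2021-05-31"}},
         # Any/Any inside the layer, but only Branch_A_Net traffic ever
         # reaches this layer because of the parent rule above.
         {"name": "Branch A any", "source": ["Any"], "destination": ["Any"],
          "hits": {"value": 0, "last-date": None}},
     ]},
]


def _last_hit(rule):
    """Return the rule's last-hit date, or None if it was never hit."""
    d = rule.get("hits", {}).get("last-date")
    return date.fromisoformat(d) if d else None


def _restricts(rule):
    """True when a parent rule's source or destination is narrower than Any."""
    return rule["source"] != ["Any"] or rule["destination"] != ["Any"]


def find_unused_rules(rulebase, today, days=180, parent=None, path=()):
    """Report rules (including inline-layer rules) with no hit in the last
    `days` days. 180 days approximates the six-month default; pass e.g. 90
    for a three-month window."""
    cutoff = today - timedelta(days=days)
    findings = []
    for rule in rulebase:
        rule_path = path + (rule["name"],)
        last = _last_hit(rule)
        if last is None or last < cutoff:
            finding = {"rule": " > ".join(rule_path), "last-hit": last,
                       "note": None}
            # Inline-layer caveat: a broad rule inside the layer may simply
            # never see traffic because the parent rule limits what enters.
            if parent is not None and _restricts(parent):
                finding["note"] = ("inline layer: parent rule %r limits the "
                                   "traffic reaching this layer" % parent["name"])
            findings.append(finding)
        if "inline-layer" in rule:
            findings.extend(find_unused_rules(rule["inline-layer"], today, days,
                                              parent=rule, path=rule_path))
    return findings


def unused_rule_names(rulebase, today_iso, days=180):
    """Convenience wrapper returning only the flagged rule paths."""
    return [f["rule"] for f in
            find_unused_rules(rulebase, date.fromisoformat(today_iso), days)]


if __name__ == "__main__":
    for window in (180, 90):
        print("Unused rules over the last %d days:" % window)
        for f in find_unused_rules(SAMPLE_RULEBASE, date(2021, 6, 1), window):
            print("  %-25s last hit: %s%s" % (
                f["rule"], f["last-hit"] or "never",
                "  (" + f["note"] + ")" if f["note"] else ""))
```

The note attached to the inline-layer finding is the point of the caveat in the text: before deleting or loosening a flagged Any/Any rule inside a layer, compare it with its parent rule, because the zero hit count may reflect the parent's scope rather than the rule being redundant.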