Network Security: Firewall Rule "Hit" Counters
Display the number of packets that match each rule in the table, so you can locate unnecessary packet filter rules. It should be possible to reset the hit counter(s) as needed, along with a tooltip showing the time(s) of the previous few hits.
To show how often firewall policies got hits, it would be nice to see it in a dashboard or a report, so it is easier to clean up older policies.
Show a triggered count of firewall rules/NAT rules so that you can easily clean up rules that never get triggered.
This would be a giant help when trying to determine obsolete rules.
Track via a hits counter how often packet filter rules are matched. This allows you to see potentially unneeded rules and remove them.
This feature is included in the upcoming release, code-named Project Copernicus. It is currently in public beta. For more details, please see https://www.astaro.org/beta-versions/project-copernicus-public-beta
Come on Sophos, this feature is something that is included in most firewalls and shouldn't have to be begged for over the course of 6 years. This is something that needs to be implemented.
Ok, I found it myself. Copernicus is XG Firewall OS and I can upgrade my UTM with it. That's fine. But I had a look at XG now and it seems there is only a filter to filter for unused firewall policies. But what timeframe will be checked here? I wanted to see when a firewall policy was last used, to see if it is still in use and necessary. To me it seems the filter "unused" only displays policies that are CURRENTLY not in use, as they are shown with 0 Bytes in and 0 Bytes out. That does not help much, indeed almost not at all. Did I miss something here?
What version is Copernicus? Is this already 9.4 or a later version?
We need this also in UTM9!
Checkpoint has this and it is very helpful to identify any misconfiguration.
Thomas Brewster commented
Look into iView - it appears to have some of this functionality. But beware the iView product doesn't seem to be "fully baked" for use with the Sophos UTM yet.
I also rate this.
Good also for performance tuning - move encountered policies higher up!
Hans Stutz commented
This can be done via iptables in the console. But it would be nice to have it in the WebGUI.
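As an added example (not from this thread or from Sophos), here is a small shell helper that reads `iptables -vnL` output and lists the rules whose packet counter is still zero, which is the console-side version of the "unused rules" view requested above. The sample listing inside it is constructed, and mapping a chain position such as `FORWARD:2` back to a WebAdmin rule is assumed to be done by the admin.

```shell
#!/bin/sh
# Added example: list packet-filter rules whose iptables hit counter is zero.
# Feed it real data with:  iptables -vnxL FORWARD | list_unused_rules
# (-x prints exact counters instead of 512K-style abbreviations; -n skips DNS).
#
# Caveat: counters restart at zero on every rule reload and after `iptables -Z`,
# so a zero here means "no hits since the counters were last zeroed", not
# "never used". Take several snapshots over a realistic window before
# declaring a rule obsolete. Mapping "FORWARD:2" back to a WebAdmin rule is
# left to the admin (assumption: positions match the generated chain order).

# Constructed sample of `iptables -vnL FORWARD` output, not captured from a real UTM.
SAMPLE_COUNTERS='Chain FORWARD (policy DROP 12 packets, 720 bytes)
 pkts bytes target     prot opt in     out     source               destination
 8421  512K ACCEPT     tcp  --  eth0   eth1    10.0.1.0/24          10.0.2.10            tcp dpt:443
    0     0 ACCEPT     tcp  --  eth0   eth1    10.0.1.0/24          10.0.2.11            tcp dpt:3389
  150  9000 ACCEPT     udp  --  eth0   eth1    10.0.1.0/24          10.0.2.53            udp dpt:53
    0     0 DROP       all  --  *      *       192.0.2.0/24         0.0.0.0/0'

# Reads iptables -vnL output on stdin; prints "CHAIN:n TARGET SRC -> DST [match]"
# for each rule with zero packets. Handles several chains in one listing.
list_unused_rules() {
    awk '
        /^Chain / { chain = $2; n = 0; next }          # chain header resets numbering
        $1 == "pkts" || NF == 0 { next }               # column header / blank separator
        {
            n++
            if ($1 + 0 == 0) {
                extra = ""
                for (i = 10; i <= NF; i++) extra = extra " " $i   # trailing match text, if any
                printf "%s:%d %s %s -> %s%s\n", chain, n, $3, $8, $9, extra
            }
        }'
}

# Number of rules that did receive hits, for a quick "hit vs. no hit" ratio.
count_hit_rules() {
    awk '/^Chain / { next } $1 == "pkts" || NF == 0 { next } $1 + 0 > 0 { c++ } END { print c + 0 }'
}

printf '%s\n' "$SAMPLE_COUNTERS" | list_unused_rules
```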
Bastien Bobe commented
No one is interested in this anymore?
Cisco ASA firewalls have this feature; it's great for cleaning up the rules.
Cisco ASA firewalls also have this; it would be a very nice-to-have feature!
Marcus Hock commented
This would _really_ make rule management easier - Checkpoint added this in R75.40 (yeeeeees, I know, Astaro is not Checkpoint). A very helpful feature though!
If easier (or more efficient) than counters, a "last used" field would be sufficient to find unneeded rules.
Michiel Beumer commented
Essential for a smooth firewall with many rules!
While you're at it, please make it possible to filter for protocols.
charles sterling commented
Currently the archived logs exclude info like the "country block" reference, so you are forced to sort by rule and then look up the rules in these groups to locate problem areas.
I think this and other real-time statistics throughout WebAdmin would be great!
Bob Alfson commented
Michael, I think your English says everything you've said in German.