Network Security: Firewall Rule "Hit" Counters
Display the number of packets that match each rule in the table, so you can locate unnecessary packet filter rules. Should be able to reset the hit counter(s) as needed, along with a tooltip to show the last time(s) of the previous few hits.
To show how often firewall policies get hits, it would be nice to see it in a dashboard or a report, so it is easier to clean up older policies.
Show a triggered count of firewall rules/NAT rules so that you can easily clean up rules that never get triggered.
This would be a giant help when trying to determine obsolete rules.
Track via a hits counter how often packet filter rules are matched. This allows you to see potentially unneeded rules and remove them.
This feature is included in the upcoming release, code-named Project Copernicus. It is currently in public beta. For more details, please see https://www.astaro.org/beta-versions/project-copernicus-public-beta
Checkpoint has this and it is very helpful to identify any misconfiguration.
Thomas Brewster commented
Look into iView - it appears to have some of this functionality. But beware the iView product doesn't seem to be "fully baked" for use with the Sophos UTM yet.
I also rate this.
Good also for performance tuning - move encountered policies higher up!
Hans Stutz commented
This can be done via IPTables in Console. But it would be nice to have it in WebGUI.
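Reading the counters from the console, as Hans describes, can be scripted. The block below is an added example, not code from the original post or from Astaro/Sophos: it parses the output of `iptables -L -v -n -x --line-numbers` (here a constructed sample rather than output captured from a real UTM), lists the rules that have never been hit, and lists the busiest rules as candidates for moving higher in the chain. The sample text and the function names are my own.

```shell
#!/bin/sh
# Constructed sample of `iptables -L -v -n -x --line-numbers` output (not captured from a real host).
sample_counters() {
cat <<'EOF'
Chain INPUT (policy DROP 42 packets, 3360 bytes)
num      pkts      bytes target     prot opt in     out     source               destination
1      981234  73418872 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
2      553012 412983311 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
3           0         0 ACCEPT     tcp  --  *      *       192.0.2.0/24         0.0.0.0/0            tcp dpt:23
4        1207     72420 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
5           0         0 DROP       udp  --  *      *       198.51.100.0/24      0.0.0.0/0            udp dpt:161

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num      pkts      bytes target     prot opt in     out     source               destination
1           0         0 ACCEPT     all  --  eth1   eth0    10.0.0.0/8           0.0.0.0/0
EOF
}

# Shared parser: turns counter output (with --line-numbers) into
# "chain rulenum pkts target proto src dst match..." records, one per rule.
# Without -x, iptables abbreviates large counters (12K, 3M, powers of 1000);
# those are expanded here as approximations, so prefer -x for exact values.
_rules() {
awk '
function count(s,  n) {
    n = s + 0
    if (s ~ /K$/) n = substr(s, 1, length(s) - 1) * 1000
    if (s ~ /M$/) n = substr(s, 1, length(s) - 1) * 1000000
    if (s ~ /G$/) n = substr(s, 1, length(s) - 1) * 1000000000
    return n
}
$1 == "Chain" { chain = $2; next }            # chain header line
$1 == "num" || $1 == "pkts" { next }          # column header line
NF >= 10 {
    match_txt = ""
    for (i = 11; i <= NF; i++) match_txt = match_txt " " $i   # match-extension text, if any
    printf "%s %s %d %s %s %s %s%s\n", chain, $1, count($2), $4, $5, $9, $10, match_txt
}'
}

# Rules with zero packet hits since the counters were last zeroed: candidates for review.
list_unused() { _rules | awk '$3 == 0'; }

# Most-hit rules first: candidates for moving up so fewer rules are evaluated per packet.
list_busiest() { _rules | sort -k3,3nr | head -n "${1:-5}"; }

# The iptables command that resets one rule's counters (iptables -Z chain rulenum).
zero_command() { printf 'iptables -Z %s %s\n' "$1" "$2"; }

# Live use on the box (needs root): iptables -L -v -n -x --line-numbers | list_unused
echo "Rules with no hits:"
sample_counters | list_unused
echo "Busiest rules:"
sample_counters | list_busiest 3
```

Two caveats before acting on the output: the counters only count since they were last zeroed or the rule set was reloaded (a reboot or a WebAdmin rule change resets them), so sample over a long enough window, and a zero-hit rule may still cover rare but important traffic such as emergency admin access. Reordering rules by hit count is only safe where the rules being moved do not overlap, since the first match wins.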
Bastien Bobe commented
Is no one interested in this rule anymore?
The Cisco ASA firewall has this feature; it's great for cleaning up the rules.
The Cisco ASA firewall also has this; it would be a very nice-to-have feature!
Marcus Hock commented
This would _really_ make rule management easier - Checkpoint added this in R75.40 (yeeeeees, I know, Astaro is not Checkpoint). A very helpful feature though!
If easier (or more efficient) than counters, a "last used" field would be sufficient to find unneeded rules.
Michiel Beumer commented
Essential for a smooth firewall with many rules!
While you're at it, please make it possible to filter for protocols.
charles sterling commented
Currently the archived logs exclude info like "country block" reference so you are forced to sort by rule and then lookup the rules in these groups to locate problem areas.
I think this and other real-time statistics throughout WebAdmin would be great!
Bob Alfson commented
Michael, I think your English says everything you've said in German.