SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Network Security: Firewall Rule "Hit" Counters

Display the number of packets that match each rule in the table, so you can locate unnecessary packetfilter rules. Should be able to reset the hit counter(s) as needed, along with a tooltip to show the last time(s) of the previous few hits.

175 votes

    PBehmer shared this idea

    21 comments

      • Anonymous commented

        I loved this feature in Fortigates. I was sad to see the UTM not have this feature. I used this a lot for monitoring rule usage, troubleshooting rules, and locking down rules.

        Having this feature in the XG firewall does no good for us UTM users!

      • Jeff commented

        Come on Sophos, this feature is something that is included in most firewalls and shouldn't have to be begged for over the course of 6 years. This is something that needs to be implemented.

      • Anonymous commented

        OK, I found it myself. Copernicus is the XG Firewall OS and I can upgrade my UTM with it. That's fine. But I had a look at XG now and it seems there is only a filter for unused firewall policies. But what timeframe will be checked here? I wanted to see when a firewall policy was last used, to see if it is still in use and necessary. To me it seems the "unused" filter only displays policies that are CURRENTLY not in use, as they are shown with 0 Bytes in and 0 Bytes out. That does not help very much, indeed almost nothing. Did I miss something here?

      • Thomas Brewster commented

        Look into iView - it appears to have some of this functionality. But beware the iView product doesn't seem to be "fully baked" for use with the Sophos UTM yet.

      • Hans Stutz commented

        This can be done via IPTables in Console. But it would be nice to have it in WebGUI.

      • SL commented

        Cisco ASA firewall has this feature; it's great for cleaning up the rules.

      • Marcus Hock commented

        This would _really_ make rule management easier - Checkpoint added this in R75.40 (yeeeeees, I know, Astaro is not Checkpoint). A very helpful feature though!
        If easier (or more efficient) than counters, a "last used" field would be sufficient to find unneeded rules.

      • Michiel Beumer commented

        Essential for a smooth firewall with many rules!
        While you're at it, please make it possible to filter for protocols.

      • charles sterling commented

        Currently the archived logs exclude info like the "country block" reference, so you are forced to sort by rule and then look up the rules in these groups to locate problem areas.

      • Scott commented

        I think this and other real-time statistics throughout WebAdmin would be great!
