Network Security: Firewall Rule "Hit" Counters
Display the number of packets that match each rule in the table, so you can locate unnecessary packet filter rules. It should be possible to reset the hit counter(s) as needed, along with a tooltip to show the last time(s) of the previous few hits.
This feature was implemented in XG Firewall
When in UTM devices?
I loved this feature in Fortigates. I was sad to see the UTM not have this feature. I used this a lot for monitoring rule usage, troubleshooting rules, and locking down rules.
Having this feature in the XG firewall does no good for us UTM users!
Please implement this feature in UTM-Code!
Come on Sophos, this feature is something that is included in most firewalls and shouldn't have to be begged for over the course of 6 years. This is something that needs to be implemented.
Ok, I found myself. Copernicus is XG Firewall OS and I can upgrade my UTM with it. That's fine. But I had a look at XG now and it seems there is only a filter to filter for unused firewall policies. But what timeframe will be checked here? I wanted to see when a firewall policy was used the last time to see if it is still in use and necessary. To me it seems the filter "unused" only displays policies that are CURRENTLY not in use, as they are shown with 0 Bytes in and 0 Bytes out. That does not help very much, indeed almost nothing. Did I miss something here?
What version is Copernicus? Is this already 9.4 or a later version?
We need this also in UTM9!
Checkpoint has this and it is very helpful to identify any misconfiguration.
Thomas Brewster commented
Look into iView - it appears to have some of this functionality. But beware the iView product doesn't seem to be "fully baked" for use with the Sophos UTM yet.
I also rate this.
Good also for performance tuning - move encountered policies higher up!
Hans Stutz commented
This can be done via iptables in the console. But it would be nice to have it in the WebGUI.
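The iptables approach mentioned above, as an added example that is not part of the thread: a small shell function that reads the per-rule packet counters from `iptables -nvL --line-numbers` and lists every rule whose counter is still zero, i.e. the unused-rule candidates the original request asks the GUI to expose. The counter output below is constructed so the script runs offline; the function name `unused_rules` is this example's own.

```shell
#!/bin/sh
# Added example: find packet filter rules that have never matched a packet.
# Input format is that of:  iptables -nvL --line-numbers
# SAMPLE_COUNTERS is a constructed stand-in for that command's output.

SAMPLE_COUNTERS='Chain INPUT (policy DROP 12 packets, 720 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     1532   98K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
2        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080
3      410   24K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 DROP       all  --  *      *       10.0.0.0/8           0.0.0.0/0
2      77K   12M ACCEPT     all  --  eth1   eth0    192.168.1.0/24       0.0.0.0/0'

# unused_rules: read counter output on stdin and print one line per rule
# with a zero packet counter, as "CHAIN:NUM TARGET PROTO [match options]".
unused_rules() {
    awk '
        /^Chain /        { chain = $2; next }       # remember which chain we are in
        /^num / || /^$/  { next }                   # skip column header and blank lines
        $2 == "0" {                                 # column 2 is the packet counter
            extra = ""
            for (i = 11; i <= NF; i++) extra = extra " " $i   # match options after destination
            printf "%s:%s %s %s%s\n", chain, $1, $4, $5, extra
        }'
}

# Live use (root required):  iptables -nvL --line-numbers | unused_rules
# After reviewing, zero the counters so the next run covers a known window:  iptables -Z
printf '%s\n' "$SAMPLE_COUNTERS" | unused_rules
```

A rule with a zero counter since the last reset is only a candidate for removal; rules that match rare but legitimate traffic need a longer observation window before being dropped.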
Bastien Bobe commented
No one is interested in this rule anymore?
Cisco ASA firewall has this feature, it's great for cleaning up the rules.
Also Cisco ASA firewall has this, it would be a very nice-to-have feature!
Marcus Hock commented
This would _really_ make rule management easier - Checkpoint added this in R75.40 (yeeeeees, I know, Astaro is not Checkpoint). A very helpful feature though!
If easier (or more efficient) than counters, "last used" field would be sufficient to find unneeded rules.
Michiel Beumer commented
Essential for a smooth firewall with many rules!
While you're at it, please make it possible to filter for protocols.
charles sterling commented
Currently the archived logs exclude info like "country block" reference so you are forced to sort by rule and then lookup the rules in these groups to locate problem areas.