Palo Alto Networks Knowledgebase: Tips & Tricks: Highlight Unused Rules

Tips & Tricks: Highlight Unused Rules

Created On 02/07/19 23:56 PM - Last Updated 02/07/19 23:57 PM


The Highlight Unused Rules feature is not often discussed, but it can be priceless when it comes to auditing a security policy.


I can speak from experience that having to audit firewall security rules has to be one of the more tedious tasks out there for a Security Professional.

From the WebGUI, select "Highlight Unused Rules" at the bottom of the page.

The following screenshot demonstrates the process before selecting "Highlight Unused Rules":



The following screenshot demonstrates the process after selecting "Highlight Unused Rules":


Notice how the rules look after selecting "Highlight Unused Rules." You can now see exactly which rules have and have not been used since the last reboot. The red boxes around the rules have been added to show you how the "highlight" feature works.

Prior to using "Highlight Unused Rules", it was difficult to see which rules had been used or not used. After enabling the highlight, you can now see that rules 2, 3 and 4 are the only used rules inside this security policy.
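Because the highlight only reflects hits since the last reboot, a rule that is not highlighted as used is not automatically safe to delete. The following added helper (example code, not from this article or from PAN-OS) applies that caveat: it takes an assumed list of rule names with hit counts plus the firewall uptime, and separates "used" rules from unused ones that have been observed long enough to be removal candidates versus unused ones where the device simply has not been up for the whole review window.

```python
"""Classify security rules from a 'Highlight Unused Rules' style hit-count view.

Assumption (not from the KB article): rule hit data is supplied as a list of
(rule_name, hit_count) pairs and the firewall uptime in days; counters are
treated as reset at the last reboot, as the article describes.
"""
from dataclasses import dataclass


@dataclass
class RuleHit:
    name: str
    hits: int


def unused_rules(rules):
    """Names of rules with zero hits, i.e. the ones the GUI would not highlight as used."""
    return [r.name for r in rules if r.hits == 0]


def classify_rules(rules, uptime_days, review_window_days=90):
    """Map each rule name to one of:
    'used'              - traffic has matched the rule since the last reboot
    'remove-candidate'  - no hits and the device has been up at least review_window_days
    'insufficient-data' - no hits, but uptime is shorter than the review window, so a
                          periodic (e.g. monthly or quarterly) flow may not have occurred yet
    """
    verdicts = {}
    for rule in rules:
        if rule.hits > 0:
            verdicts[rule.name] = "used"
        elif uptime_days >= review_window_days:
            verdicts[rule.name] = "remove-candidate"
        else:
            verdicts[rule.name] = "insufficient-data"
    return verdicts


# Constructed sample mirroring the article's screenshot: rules 2, 3 and 4 are used.
SAMPLE_RULES = [
    RuleHit("rule1", 0), RuleHit("rule2", 120), RuleHit("rule3", 8),
    RuleHit("rule4", 3410), RuleHit("rule5", 0),
]

if __name__ == "__main__":
    # Device rebooted 12 days ago: unused rules are not yet removal candidates.
    for name, verdict in classify_rules(SAMPLE_RULES, uptime_days=12).items():
        print(f"{name}: {verdict}")
```

Feed it the rule names and hit counts you read off the highlighted policy together with the device uptime, and treat only "remove-candidate" rules as worth raising in the audit.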

This tip should assist you the next time an audit of your security policy is required.


Please see the following document for more detailed information on this option, CLI commands and other ways to audit your rules:

How to Identify Unused Policies on a Palo Alto Networks Device


As always, if you have any additional comments or suggestions, please leave them below.


Thanks for reading.

Joe Delio
