How to Check Which Security Rule is Used the Most

Created On 09/26/18 13:51 PM - Last Modified 07/19/22 23:10 PM


Resolution


Overview

A firewall usually has many security rules. Knowing which rule is used the most identifies the rule that is allowing or denying the most traffic, along with the source and destination IP addresses involved. This document describes how to determine the most used security rule(s).

 

Steps

  1. Go to Monitor > Manage Custom Reports and click Add.
  2. Select Traffic Log as the Database.
  3. Select a value for Time Frame. For example: Last 30 Days.
  4. Sort by Bytes and group by Rule.
  5. In Selected Columns, add the following:
    • Source Zone
    • Destination Zone
    • Source address
    • Destination address
    • Bytes
    • Rule
    • Session ID
  6. Click Run Now to view the generated report. The report can be exported in PDF, CSV, or XML format.
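
Once the report is exported as CSV, the ranking can be reproduced and extended offline. The following is an added example, not part of the original article or vendor tooling: it totals bytes per rule, counts distinct sessions, and reports the heaviest source/destination pair for each rule. The CSV header names are assumed to match the Selected Columns labels above, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. Header names are an assumption: they mirror the
# Selected Columns labels from the steps above and may differ in a real export.
SAMPLE_CSV = """Source Zone,Destination Zone,Source address,Destination address,Bytes,Rule,Session ID
trust,untrust,10.0.0.5,198.51.100.10,120000,allow-web,1001
trust,untrust,10.0.0.6,198.51.100.10,80000,allow-web,1002
trust,dmz,10.0.0.5,192.0.2.20,500000,allow-backup,1003
untrust,dmz,203.0.113.7,192.0.2.30,1500,deny-inbound,1004
trust,dmz,10.0.0.5,192.0.2.20,250000,allow-backup,1005
trust,untrust,10.0.0.7,198.51.100.11,,allow-web,1006
"""


def rank_rules(csv_text):
    """Return [(rule, total_bytes, session_count, top_pair)], highest bytes first."""
    totals = defaultdict(int)                     # rule -> summed bytes
    sessions = defaultdict(set)                   # rule -> distinct session IDs
    pairs = defaultdict(lambda: defaultdict(int)) # rule -> (src, dst) -> bytes
    for row in csv.DictReader(io.StringIO(csv_text)):
        rule = (row.get("Rule") or "").strip()
        if not rule:
            continue  # skip rows with no rule name
        raw = (row.get("Bytes") or "").replace(",", "").strip()
        nbytes = int(raw) if raw.isdigit() else 0  # empty or malformed -> 0
        totals[rule] += nbytes
        sessions[rule].add(row.get("Session ID"))
        pair = (row.get("Source address"), row.get("Destination address"))
        pairs[rule][pair] += nbytes
    ranked = []
    for rule, total in sorted(totals.items(), key=lambda kv: kv[1], reverse=True):
        top_pair = max(pairs[rule].items(), key=lambda kv: kv[1])[0]
        ranked.append((rule, total, len(sessions[rule]), top_pair))
    return ranked


if __name__ == "__main__":
    for rule, total, count, (src, dst) in rank_rules(SAMPLE_CSV):
        print(f"{rule:15} {total:>10} bytes {count:>3} sessions  top pair {src} -> {dst}")
```

Comparing the session count with the byte total separates rules that match often from rules that carry a few large transfers.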


owner: dantony


