There are many rules available on the firewall. Knowing which rule is used the most can identify the one that is allowing or denying the most traffic, along with source and destination IP addresses. This document describes how to determine the most used security rule(s).
Steps
Go to Monitor > Manage Custom Reports and click Add.
Select Traffic Log as the Database.
Select a value for Time Frame. For example: Last 30 Days.
Sort by Bytes and group by Rule.
In Selected Columns, add the following:
Source Zone
Destination Zone
Source address
Destination address
Bytes
Rule
Session ID
Click Run Now to view the generated report. The report can be generated as a PDF, CSV or in an XML format.