How to clear rule-hit-count for a specific rule

• Palo Alto Firewall.
• PAN-OS 8.1, 9.0 and 9.1.
• Policy Rule Hit Count enabled.

1. Check for a rule that has hit counts to clear the counter using "show rule-hit-count" command as displayed below.

admin@PA5020(active)> show rule-hit-count vsys vsys-name vsys1 rule-base security rules all 

Rule Name                                   Hit Count       Last Hit Timestamp            Last Reset Timestamp
          First Hit Timestamp          
-----------------------------------------------------------------------------------------------------------------------    
Src_NAT-GEO                                   1278            Fri Apr 24 12:59:49 2020      -          <<rule to clear counter
          Mon Feb 11 11:40:01 2019     
Src_NAT                                       20175977        Fri Apr 24 20:10:53 2020      -    
          Mon Feb 11 11:40:56 2019

2. Clear the counters for that rule using "clear rule-hit-count" command as displayed below.

admin@PA5020(active)> clear rule-hit-count vsys vsys-name vsys1 rule-base security rules list Src_NAT-GEO

Succeeded to reset rule hit count for specified rules

3. Check the rule to verify the counter is clear.

admin@PA5020(active)> show rule-hit-count vsys vsys-name vsys1 rule-base security rules all

Rule Name                            Hit Count       Last Hit Timestamp            Last Reset Timestamp
          First Hit Timestamp          
----------------------------------------------------------------------------------------------------------------------
Src_NAT-GEO                            0               -                       Fri Apr 24 20:12:54  2020   <<counter is reset to 0                            
Src_NAT                             20176235       Fri Apr 24 20:13:01 2020      -

Rule Usage Hit Count Query