Technical Tip: How to reset the firewall policy counter field

Description

This article provides the CLI commands that are available on FortiOS v6.0 to clear statistics per policy.

Scope

FortiGate.

Solution
GUI Method:

'Right-click' on the policy (under Bytes filter) and use the 'Clear counters' action:

CLI Method:

To show the statistics of policy <policy_id>, run the following command:

diagnose firewall iprope show 100004 <policy_id>

For example:

diagnose firewall iprope show 100004 2
 idx=2 pkts/bytes=144967/135758174 asic_pkts/asic_bytes=0/0 flag=0x0 hit count:663

To clear the statistics for this policy:

diagnose firewall iprope clear 100004 2

diagnose firewall iprope show 100004 2
idx=2 pkts/bytes=17/1814 asic_pkts/asic_bytes=0/0 flag=0x0 hit count:1

Note:

When the counters are cleared on the policy in FortiOS, the following occurs:

1. Information removed: Packet and byte statistics for the specific policy are reset to zero.
2. Information retained: Configuration settings and details of the policy remain unchanged.  

The policy itself is not deleted: only the traffic statistics associated with it are cleared. Packet and Byte Statistics for any policy will not reset if the device reboots. 

Related article:
Technical Tip: How to check the Hit Count, First hit, last hit, and established session count for single or multiple Firewall Policies through CLI and GUI