Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Steven_Lengua
New Contributor

Rule Usage - Fortigate 600C

Is there a way to check and see what rules are actually being hit? I' m new to Fortinet and one of the items I have been tasked with is, checking to see what rules are being used and which rules are still needed. I' m a Checkpoint guy, so not very familiar with Fortinet although I' ve gotten a bit better with more than two weeks under my belt now. Does anyone know how or if there is a way to see what rules are being hit / used?

CAlengua

CAlengua
5 REPLIES 5
Carl_Wallmark
Valued Contributor

Hi, Very simple: Go to your policy view, and look at the right, you should have column called " Count" , there you can see packets and amount of data for every policy. If you dont have the column, simply right click on a column name and select " Count"

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
Jordan_Thompson_FTNT

As Selective mentioned, the " Count" column is useful for this. You didn' t mention which firmware version you are using, but assuming FortiOS 5.0 or 5.2 there are two additional columns that would help you:- * Last Used (indicates the last time the policy was hit by any traffic) * Sessions (indicates current number of active sessions on that policy)
Carl_Wallmark
Valued Contributor

Nice one, did not notice the " Sessions" column.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
ede_pfau
SuperUser
SuperUser

Before changing the column layout, you might switch to ' Global View' to overlook ALL policies at once. Column settings are specific for each view. IMHO ' Last Used' and ' Sessions' are new to FOS 5.2, right?
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Jordan_Thompson_FTNT

IMHO ' Last Used' and ' Sessions' are new to FOS 5.2, right?
No, both columns are available in 5.0 as well. Here' s another tip if you find that you constantly need to customize the default policy columns:- http://docs-legacy.fortinet.com/fos50hlp/50/index.html#page/FortiOS%205.0%20Help/gui.070.03.html Both of these tips (and a few others) were included in this recent video guide:- http://video.fortinet.com/playlist/featured-playlist/chapter/2/-3
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors