Video Screencast Help

Manage a large firewall policy

Created: 05 Mar 2012 • Updated: 06 Mar 2012 | 1 comment
Boman's picture
1 Agree
0 Disagree
+1 1 Vote
Login to vote
Status: In Review


I struggling with a very large firewall policy in SEP applied to many clients in a big organization.

I would like the possibility to see how often an individual firewall rule is being used.

This will make my life much simpler and I can keep the amount of rules to a minimum for best performance.

One suggested solution would be have a new "logging" alternative. Instead of "write to traffic log" or "write to packet log" there could be an option to "write to usage log".
This should not log more than when being used and a date/time stamp.

Today when enabling "write to traffic log" or "write to packet log" on to many rules or a rule which is used very frequent, you may end up with a lot of data being written to the sequel database which is not necessary.

Comments 1 CommentJump to latest comment

Elisha's picture

You can query the database to see how many time each rule is triggered.  It would be a manual SQL query, but it would tell you the count for each rule that got triggered.

Login to vote