Disable Firewall Policy Rules with No Hits Over a Specified Duration

Starting in Junos Space Security Director Release 20.3R1, you can disable firewall policy rules that have not been hit for a specified duration. By disabling these rules, you'll notice a performance improvement when updating the policies on devices. First configure the option in Junos Space Network Management Platform, and then disable the rules from Security Director.

Configure the Application Settings

By default, the option to disable firewall policy rules with no hits is disabled in Junos Space Network Management Platform. You must enable it in the Security Director application settings in Junos Space Network Management Platform: enable the Disable Old Rules in a Policy option and enter the number of days without hits after which firewall policy rules are to be disabled. See Modifying Settings of Junos Space Applications.

Disable Firewall Policy Rules

Now you can disable firewall policy rules from Security Director.

Before You Begin

Right-click a policy and select Probe Latest Policy Hits to get the latest policy hit count. See Probe Latest Policy Hits.

Procedure


  1. Select Security Director > Configure > <Standard/Unified Policies>.

    The policies page is displayed.

  2. Right-click the policy and click Disable Old Rules.

    A confirmation message to disable the policy rules that have not been hit for the configured number of days is displayed.

  3. Click Yes to disable the policy rules.

    The Disable Old Rules page is displayed.

  4. Click the Job ID to view the status of the job on the Job Management page.

The rules are disabled based on the last hit date on the Hit Count Details page. If the number of days since the last hit exceeds the number of days configured, the rule is disabled. See Firewall Policy Rules Main Page Fields.

Note: Rules that have never been hit do not display a last hit date on the Hit Count Details page, and therefore such rules are not disabled.

A snapshot of the operation is captured so that you can roll back to the previous policy version, if required. See Create and Manage Policy Versions.
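The following added example (not Juniper code and not a Security Director API) applies the last-hit rule described above to an exported rule list, so you can preview which rules would be disabled and which never-hit rules the operation skips and leaves for manual review. The CSV layout, column names, and function name are assumptions, the sample rows are constructed, and "exceeds" is read as strictly greater than the configured number of days.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample export; column names are assumptions, not a Security Director format.
SAMPLE_EXPORT = """rule_name,state,last_hit_date
allow-web,enabled,2024-05-28
allow-legacy-ftp,enabled,2023-11-02
allow-old-vpn,enabled,2024-03-03
temp-vendor-access,enabled,
deny-telnet,disabled,2022-01-15
"""

def classify_rules(export_text, threshold_days, today):
    """Sort rules into buckets according to the last-hit rule on this page."""
    result = {"disable": [], "keep": [], "never_hit": [], "already_disabled": []}
    for row in csv.DictReader(io.StringIO(export_text)):
        name = row["rule_name"].strip()
        # Assumption: rules that are already disabled are reported separately.
        if row["state"].strip().lower() != "enabled":
            result["already_disabled"].append(name)
            continue
        raw = (row["last_hit_date"] or "").strip()
        if not raw:
            # No last hit date: per the note above, such rules are not disabled,
            # so they stay active until someone reviews them by hand.
            result["never_hit"].append(name)
            continue
        idle_days = (today - datetime.strptime(raw, "%Y-%m-%d").date()).days
        # Assumption: "exceeds" means strictly more than the configured days.
        bucket = "disable" if idle_days > threshold_days else "keep"
        result[bucket].append((name, idle_days))
    return result

if __name__ == "__main__":
    report = classify_rules(SAMPLE_EXPORT, threshold_days=90, today=date(2024, 6, 1))
    for bucket, rules in report.items():
        print(f"{bucket}: {rules}")
```

The never_hit bucket is the one to act on separately: those rules remain enabled after Disable Old Rules runs.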