Disable Firewall Policy Rules Based on Hits Over a Specified Duration


Starting in Junos Space Security Director Release 20.3R1, you can disable firewall policy rules that have not been hit for a specified duration. Disabling such rules improves performance when you update policies on devices. You must first configure the option in Junos Space Network Management Platform and then disable the rules from Security Director.

Configure the Application Settings

By default, the option to disable firewall policy rules with no hits is disabled in Junos Space Network Management Platform. You must enable it in the Security Director application settings in Junos Space Network Management Platform: enable the Disable policy rules with no hits over a specified duration option and enter the number of days after which firewall policy rules with no hits are disabled. See Modifying Settings of Junos Space Applications.

Disable Rules Based on Hits

After you have enabled the Disable policy rules with no hits over a specified duration option and entered the number of days in Junos Space Network Management Platform, you can disable firewall policy rules from Security Director.

Before You Begin

Right-click a policy and select Probe Latest Policy Hits to get the latest policy hit count. See Probe Latest Policy Hits.

To disable firewall policy rules based on hits:

  1. Select Security Director > Configure > Standard Policies or Unified Policies.

    The corresponding policies page is displayed.

  2. Right-click a policy and select Disable Rules Based on Hits.

    A confirmation message to disable the policy rules that have not been hit for the configured number of days is displayed.

  3. Click Yes to disable the policy rules.

    The Disable Rules Based on Hits page is displayed.

  4. Click the job ID link to view the job status on the Job Management page.

The rules are disabled based on the last hit date shown on the Hit Count Details page. If the number of days since the last hit exceeds the configured number of days, the rule is disabled. See Firewall Policy Rules Main Page Fields.

Note

Rules that have never been hit do not display a last hit date on the Hit Count Details page, and therefore such rules are not disabled.
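The selection rule described above (disable a rule only when its last hit is older than the configured number of days, and leave never-hit rules alone because they have no last hit date) is easy to get wrong when auditing a policy by hand. The following Python script is an added example, not Security Director code or any Juniper API; it models that logic over a constructed rule list so you can check which rules a run would disable before you click Yes, and it keeps a snapshot of the original rules in the spirit of the policy version that Security Director captures for rollback. The `Rule` class, the field names and the sample dates are all assumptions made for this example.

```python
from copy import deepcopy
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple


@dataclass
class Rule:
    """Minimal model of a firewall policy rule as it appears in a hit-count report.
    This class is an assumption for the example, not a Security Director type."""
    name: str
    last_hit: Optional[date]   # None means the rule has never been hit (no last hit date)
    enabled: bool = True


def days_since_last_hit(rule: Rule, today: date) -> Optional[int]:
    """Age of the last hit in days, or None when the rule has never been hit."""
    if rule.last_hit is None:
        return None
    return (today - rule.last_hit).days


def rules_to_disable(rules: List[Rule], threshold_days: int, today: date) -> List[str]:
    """Return the names of enabled rules whose last hit is older than threshold_days.

    Mirrors the documented behaviour: a rule is disabled only if the number of
    days since its last hit exceeds the configured value; rules with no last hit
    date (never hit) are skipped; already-disabled rules are left as they are.
    """
    selected = []
    for rule in rules:
        if not rule.enabled:
            continue
        age = days_since_last_hit(rule, today)
        if age is None:          # never hit: no last hit date, so not disabled
            continue
        if age > threshold_days: # strictly "exceeds" the configured duration
            selected.append(rule.name)
    return sorted(selected)


def apply_disable(rules: List[Rule], threshold_days: int, today: date) -> Tuple[List[Rule], List[Rule]]:
    """Disable the selected rules and return (snapshot_before, updated_rules).

    The snapshot is a deep copy of the input so the previous state can be
    restored, similar in intent to the policy version Security Director captures.
    """
    snapshot = deepcopy(rules)
    targets = set(rules_to_disable(rules, threshold_days, today))
    updated = deepcopy(rules)
    for rule in updated:
        if rule.name in targets:
            rule.enabled = False
    return snapshot, updated


# Constructed sample hit-count data (not real policy data).
SAMPLE_TODAY = date(2024, 1, 31)
SAMPLE_RULES = [
    Rule("allow-web", last_hit=date(2023, 12, 1)),            # 61 days old -> disabled
    Rule("allow-dns", last_hit=date(2024, 1, 20)),            # 11 days old -> kept
    Rule("legacy-ftp", last_hit=None),                        # never hit -> kept (no last hit date)
    Rule("allow-ntp", last_hit=date(2024, 1, 1)),             # exactly 30 days -> kept (not exceeded)
    Rule("old-vpn", last_hit=date(2023, 6, 1), enabled=False) # already disabled -> untouched
]

if __name__ == "__main__":
    before, after = apply_disable(SAMPLE_RULES, threshold_days=30, today=SAMPLE_TODAY)
    for rule in after:
        print(f"{rule.name:12s} enabled={rule.enabled}")
```

Running the script with a 30-day threshold disables only `allow-web`; `legacy-ftp` stays enabled because it has no last hit date, which is exactly the case the note above warns about, so never-hit rules still need a separate review.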

A snapshot of the operation is captured so that you can roll back to the previous policy version, if required. See Create and Manage Policy Versions.