Fortinet black logo

Administration Guide

Policy hit count

Policy hit count

You can use FortiManager to view FortiGate policy hit counters. When you run a policy check on a policy package or select the Find Unused Policies option from the Tools dropdown for a policy package, FortiManager shows hit count information for unused policies with zero hit count.

Note

The Find Unused Policies option is unavailable when classic dual pane is enabled. To disable classic dual pane, go to System Settings > Advanced > Advanced Settings, and set the Display Policy & Object in Classic Dual Pane option to Disable.

In FortiManager, the policy hit counts are aggregated across all managed FortiGate units for the policy. When the policy hit counter is reset on the FortiGate, FortiManager subtracts the amount from its hit counters too.

You can add policy hit count information to a policy package pane by enabling it in the Column Settings dropdown. The hit count is collected from managed FortiGate units when either the Refresh Now button in the Hit Counts column header or Refresh Hit Counts in the Tools dropdown is clicked.

The hit count information is excluded from the FortiManager event log, but it's included in the debug log for troubleshooting purposes.

To view policy hit counts:
  1. Ensure you are in the correct ADOM.
  2. Go to Policy & Objects > Policy Packages.
  3. In the tree menu for a policy package, select a policy. The content pane for the policy is displayed.
  4. In the toolbar, click Column Settings, and enable the Hit Count column.
    Hit count information for each policy is displayed within the Hit Count column.
  5. In the toolbar, click Tools > Refresh Hit Counts to fetch an updated hit count report, or hover your mouse over the Hit Count column header and click Refresh Now.
To view the hit count information for unused policies using the Find Unused Policies option:
  1. Ensure you are in the correct ADOM.
  2. Go to Policy & Objects > Policy Packages.
  3. In the toolbar, from the Tools dropdown, select Find Unused Policies.

    The Unused Policies window opens.

  4. In the tree menu, select the policy package, and expand the policy table of your choice in the content pane to see the hit count information for the unused policies only.
  5. Clear the Unused Only checkbox to view all the policies and their hit count information.
To view hit count information for unused policies in the Policy Check Report:
  1. Ensure you are in the correct ADOM.
  2. Go to Policy & Objects > Policy Packages.
  3. In the tree menu, right-click the policy package and select Policy Check.

    The Policy Check dialog opens.

  4. In the Policy Check dialog, click Perform Policy Check, and then click OK.

    Once the policy check finishes, the results are displayed in the Policy Check window.

    The Policy Check window displays the hit count information for all the policies in a policy package.

  5. Select the Unused Only checkbox to view the hit count information for the unused policies only.

Policy hit count

You can use FortiManager to view FortiGate policy hit counters. When you run a policy check on a policy package or select the Find Unused Policies option from the Tools dropdown for a policy package, FortiManager shows hit count information for unused policies with zero hit count.

Note

The Find Unused Policies option is unavailable when classic dual pane is enabled. To disable classic dual pane, go to System Settings > Advanced > Advanced Settings, and set the Display Policy & Object in Classic Dual Pane option to Disable.

In FortiManager, the policy hit counts are aggregated across all managed FortiGate units for the policy. When the policy hit counter is reset on the FortiGate, FortiManager subtracts the amount from its hit counters too.

You can add policy hit count information to a policy package pane by enabling it in the Column Settings dropdown. The hit count is collected from managed FortiGate units when either the Refresh Now button in the Hit Counts column header or Refresh Hit Counts in the Tools dropdown is clicked.

The hit count information is excluded from the FortiManager event log, but it's included in the debug log for troubleshooting purposes.

To view policy hit counts:
  1. Ensure you are in the correct ADOM.
  2. Go to Policy & Objects > Policy Packages.
  3. In the tree menu for a policy package, select a policy. The content pane for the policy is displayed.
  4. In the toolbar, click Column Settings, and enable the Hit Count column.
    Hit count information for each policy is displayed within the Hit Count column.
  5. In the toolbar, click Tools > Refresh Hit Counts to fetch an updated hit count report, or hover your mouse over the Hit Count column header and click Refresh Now.
To view the hit count information for unused policies using the Find Unused Policies option:
  1. Ensure you are in the correct ADOM.
  2. Go to Policy & Objects > Policy Packages.
  3. In the toolbar, from the Tools dropdown, select Find Unused Policies.

    The Unused Policies window opens.

  4. In the tree menu, select the policy package, and expand the policy table of your choice in the content pane to see the hit count information for the unused policies only.
  5. Clear the Unused Only checkbox to view all the policies and their hit count information.
To view hit count information for unused policies in the Policy Check Report:
  1. Ensure you are in the correct ADOM.
  2. Go to Policy & Objects > Policy Packages.
  3. In the tree menu, right-click the policy package and select Policy Check.

    The Policy Check dialog opens.

  4. In the Policy Check dialog, click Perform Policy Check, and then click OK.

    Once the policy check finishes, the results are displayed in the Policy Check window.

    The Policy Check window displays the hit count information for all the policies in a policy package.

  5. Select the Unused Only checkbox to view the hit count information for the unused policies only.