Used Rules Not Shown for Cisco ASA (FWA)

Used Rules Not Shown for Cisco ASA (FWA)

For every transaction happening in Cisco Firewall, an rule configured in it matches. This matched policy along with complete transaction detail is audited through Message-ID 106100.  Please follow the below link which provides more information about the same. This message identifier will provide information for both accepted and denied transactions.


The log containing the above information is forwarded to Firewall Analyzer machine via syslog. We parse these information to get the "Used" rules. This information is populated in  "Firewall Rules Report" --> "Top Used Rules" report.
 
Categorization is based on ACL group and not based on ACL entries.  The information that is provided by Cisco as part of syslog message is the "ACL" name.  So with the help of complete access-list fetched from the firewall, we can show "Unsed Rules" based on "ACL" and not fine grained to ACL entries.

To find out which particular ACL entry is used or not, please click on the particular rule name in "Firewall Rules Report" --> "Top Used Rules", you will be able to see the entries in it with corresponding hit count.
          • Related Articles

          • Fix for Cisco ASA showing 0.0.0.0.0.0 for source and Destination for build 9900

            Thank you for your time during the call. Please follow the below steps and check on the issue: 1) Stop the NetFlow Analyzer Service. 2) Open Command prompt as administrator and navigate to NetFlow_Home/bin and execute startDB.bat two times for ...
          • FIX for NFA-10250 for ASA issue and OUT traffic not shown for devices

            This Patch is applicable only over the NetFlow Analyzer build 10250 Please download and unzip the patch file from the below link: https://uploads.zohocorp.com/Internal_Useruploads/dnd/NetFlow_Analyzer/o_19uprk25h3r21ci71tru24t1ule1/Fix.zip It ...
          • Barracuda Firewall support-FWA 12100

            Please follow below steps when apply the fix. Stop the Firewall Analyzer service. Move the FirewallService.jar from <OpManager_Home>\lib location to a different directory Download the updated FirewallService.jar and save it in the above folder ...
          • Mssql custom port & custom instance issue: FWA

            The below fix has to be applied after ensuring the bcp files are copied and the native client is installed. 1. Go <HOME>\conf location, open database_params.conf file. 2. Add 'instanceName = <db instance Name>' parameter in the url.             ...
          • Netflow(Plug-in) statistics not shown in Opmanager

            When the Netflow(Plug-in) statistics doesn't show up in Opmanager, follow the steps listed below to fix the issue - 1 - Stop the Opmanager service. 2 - Navigate to %Opmanager%\netflow\webapps\netflow\WEB-INF 3 - Edit the security.xml file, search for ...