Hit Count-Based Rule Audit Visibility in SSP

Article ID: 416712

Products

VMware vDefend Firewall with Advanced Threat Prevention

VMware vDefend Firewall

Issue/Introduction

Administrators performing firewall audits or rule cleanup activities want to identify unused or low-activity Distributed Firewall (DFW) rules based on hit count metrics.

While reviewing the Firewall Metrics Dashboard in SSP, they observe that only a limited number of rules (around 50) appear under the Top Rules by Hit Count section, and they seek clarification on whether complete hit count visibility is available for all rules.

Sample Snippet:

Under "Monitor and Plan" --> "Overview" --> "Firewall Insights",

Environment

SSP 5.0, 5.1

Cause

In SSP, the Firewall Metrics Dashboard provides visibility into DFW rule activity through hit count, session count, byte count, and packet count metrics. However, the current UI limits the display to the top 50 rules by hit count.
This limitation is related to pagination and API query configuration — the dashboard fetches a subset of rule metrics for display efficiency.

Resolution

Currently, hit count visibility is not available for all rules.