Hi community,
We have a pair of 4150 FTDs being managed by an FMC 1000. As part of our policy configuration we have a default action of deny for any traffic that does not match an allow policy. We also have logging enabled for this rule. I was looking to create a report that showed the top number of flows (source->destination with associated ports) based on the amount of times the flow had hit the deny policy to allow us to quickly identify devices that are potentially misconfigured to reduce the amount of unnecessary processing the firewall has to complete. I took a look in the report templates and can't find anywhere obvious I can enable this? Is this at all possible?
Thanks