Re: Generate report for existing firewall rules

AkshayaArunan1346 · ‎08-09-2019

I need to extract the rules which can be disabled on my firewall.

Additionally number of rules which has been put to regulate traffic flow between each existing region from last one year.

Can anyone help me with the information or any link with which I can generate the same from the Firepower management center.

Francesco Molino · ‎08-09-2019

Hi

What version of FMC are you running?
If you go into your ACP menu, you'll have a button"Analyze Hit counts".
Then a popup window open up at the bottom of the page, you select AC (Access Control), and you'll be able to generate a PDF of the results.
If you want to export rules themselves, you'll need to use API calls because there isn't any other export methods.

Is that what you're looking for?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

AkshayaArunan1346 · ‎08-10-2019

Its 4500. I cannot find the mentioned tabs.

Marvin Rhoads · ‎08-10-2019

The "Hit counts" feature for access control and prefilter rules was only added in Firepower Management Center release 6.4.

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/relnotes/firepower-release-notes-640/features.html

Francesco Molino · ‎08-12-2019

Which version are you running because as mentionned by @Marvin Rhoads, only available on version 6.4 and +
That's why I asked what version of FMC you're running as 1st question :-)

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

AkshayaArunan1346 · ‎05-10-2020

Its 6.4 v