Manual Chapter: Monitoring Firewall Rules
Applies To: BIG-IQ Centralized Management 5.2.0
About firewall rule monitoring
In BIG-IQ™ Network Security, you can monitor:
- Firewall rule statistics, such as the number of times inbound network traffic matches a firewall rule on a BIG-IP™ device (also referred to as a firewall rule hit count), as well as the rule overlap status.
- Firewall rule compilation statistics for a set of rules associated with a firewall context on a BIG-IP device.
You access this firewall rule monitoring by selecting Network Security from the BIG-IQ menu and then clicking Monitoring.
You can generate reports about firewall rules by selecting Network Security from the BIG-IQ menu and then clicking Policy Editor, and then selecting Firewall Rule Reports.
Monitoring firewall rule statistics and hit counts
You can monitor firewall rule statistics and hit counts on one or more BIG-IP™ devices using Network Security monitoring.
Note: Firewall rule statistics are collected for the rules in the enforced policy associated with a firewall, but not the rules in a staged policy.
Note: If a virtual server, route domain, or self IP is created using the BIG-IQ™ system, firewall statistics cannot be collected until the changes are deployed to the device and reimported.
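The two signals described above, the hit count and the rule overlap status, are most useful when read together: a rule with zero hits may simply be unused, or it may be unreachable because an earlier rule in the same policy already matches everything it would match. The following is an added illustration of that reading, not BIG-IQ or BIG-IP code. The rule table and its fields (policy, state, source, destination, protocol, port, action, hits) are a constructed stand-in for an exported statistics view, and the staged-policy handling follows the note above: staged rules are excluded from the zero-hit check because no statistics are collected for them.

```python
"""Reading firewall rule hit counts together with overlap status.

Added illustration only; not BIG-IQ or BIG-IP code. The Rule layout and the
SAMPLE_RULES table are constructed stand-ins for an exported statistics view.
"""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Rule:
    policy: str        # policy the rule belongs to (assumed field)
    state: str         # "enforced" or "staged" (assumed field)
    name: str
    source: str        # CIDR; "0.0.0.0/0" means any
    destination: str   # CIDR
    protocol: str      # "tcp", "udp" or "any"
    port: str          # destination port or "any"
    action: str
    hits: int          # matches counted on the device (enforced rules only)


def _net(cidr):
    return ipaddress.ip_network(cidr, strict=False)


def _intersects(a: Rule, b: Rule) -> bool:
    """True if some packet could match both rules (partial or full overlap)."""
    return (_net(a.source).overlaps(_net(b.source))
            and _net(a.destination).overlaps(_net(b.destination))
            and (a.protocol == "any" or b.protocol == "any" or a.protocol == b.protocol)
            and (a.port == "any" or b.port == "any" or a.port == b.port))


def _covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matching `inner` also matches `outer`."""
    return (_net(inner.source).subnet_of(_net(outer.source))
            and _net(inner.destination).subnet_of(_net(outer.destination))
            and outer.protocol in ("any", inner.protocol)
            and outer.port in ("any", inner.port))


def overlap_status(rules):
    """Classify each rule against the rules listed before it in the same policy.

    Rules are evaluated first-match in list order, so a later rule fully covered
    by an earlier one is shadowed and can never match; a partial intersection is
    an overlap. Returns {rule name: (status, name of the earlier rule or None)}.
    """
    by_policy = {}
    for rule in rules:
        by_policy.setdefault((rule.policy, rule.state), []).append(rule)
    status = {}
    for group in by_policy.values():
        seen = []
        for rule in group:
            shadow = next((e.name for e in seen if _covers(e, rule)), None)
            if shadow:
                status[rule.name] = ("shadowed", shadow)
            else:
                partner = next((e.name for e in seen if _intersects(e, rule)), None)
                status[rule.name] = ("overlaps", partner) if partner else ("independent", None)
            seen.append(rule)
    return status


def zero_hit_enforced(rules):
    """Enforced rules that never matched. Staged rules are skipped because no
    statistics are collected for them, so a zero there carries no information."""
    return [r.name for r in rules if r.state == "enforced" and r.hits == 0]


def review(rules):
    """Explain each zero-hit enforced rule: shadowed rules are dead by construction,
    reachable ones are candidates for removal or further investigation."""
    overlap = overlap_status(rules)
    out = {}
    for name in zero_hit_enforced(rules):
        state, other = overlap[name]
        out[name] = f"shadowed by {other}" if state == "shadowed" else "reachable but unused"
    return out


# Constructed sample: one enforced policy plus one staged rule.
SAMPLE_RULES = [
    Rule("web_policy", "enforced", "allow_https", "10.0.0.0/8", "192.0.2.10/32", "tcp", "443", "accept", 12840),
    Rule("web_policy", "enforced", "allow_http", "10.0.0.0/8", "192.0.2.10/32", "tcp", "80", "accept", 0),
    Rule("web_policy", "enforced", "allow_https_branch", "10.20.0.0/16", "192.0.2.10/32", "tcp", "443", "accept", 0),
    Rule("web_policy", "enforced", "deny_all", "0.0.0.0/0", "0.0.0.0/0", "any", "any", "drop", 5312),
    Rule("web_policy", "staged", "allow_ssh", "10.0.0.0/8", "192.0.2.10/32", "tcp", "22", "accept", 0),
]

if __name__ == "__main__":
    for name, (state, other) in overlap_status(SAMPLE_RULES).items():
        print(f"{name:20} {state:12} {other or ''}")
    print(review(SAMPLE_RULES))
```

In the sample, `allow_https_branch` has zero hits because `allow_https` already covers its whole match space, whereas `allow_http` is reachable and genuinely unused; the catch-all `deny_all` overlaps every earlier rule without shadowing any of them, which is the expected shape for a final deny.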
Monitoring firewall rule compilation statistics
You can monitor rule compilation statistics on one or more BIG-IP™ devices using Network Security monitoring. This information is similar to what is displayed when using the tmsh show security firewall container-stat command.
Note: If a firewall context references a policy that is both staged and enforced, there will be two entries in the compilation statistics: one for the enforced policy and one for the staged policy.