Paloalto firewall clear application usage data

From Notes_Wiki

Home > Enterprise security devices or applications > Paloalto firewall > Paloalto troubleshooting options > Paloalto firewall clear application usage data

On the Policy -> security page we can see some values related to each rule such as:

  • When was the rule created
  • When was it last modified
  • No. of hits etc.

Along with this we also see a link showing count / types of application identified/allowed based on that rule. In most organizations we may have a final Internet LAN-WAN allow rules for HTTP/HTTPS services with URL filtering and other security profiles. We may want to know which applications are allowed by this rule.

Once we see this information and we want to reset it again so that firewall reports only new applications seen from now on and not old applications, we can use below steps to reset application usage data:

  1. Login into firewall Web UI and go to Policy -> Security
  2. Click on down arrow in front of rule name and choose option "Copy UUID"
    Or if UUID column is enabled on the view we can copy rule UUID directly from there
  3. Open SSH connection to firewall and execute
    clear policy-app-usage-data ruleuuid <uuid-value>
  4. After this you should see 0 seen application count against that rule after you do normal browser refresh.


Refer:

Home > Enterprise security devices or applications > Paloalto firewall > Paloalto troubleshooting options > Paloalto firewall clear application usage data