Some times, firewall security administrators have told me... "I have a lot of policy rules on my firewall, how can I discover unused policy rules?" or "I just created a new policy rule, how can I know if this rule has been matching?

With Fortinet Firewalls is really easy to do.

First of all you need to add  a new column in Policy -> Policy section.

It's necessary to add Count option to the right field.


Finally, you will see if the rule was matched or not and how many packets and Megabytes cross through the policy rule.

The counters of all policy rules are set to "0 packets/0 B" when the firewall is rebooted. If the last time that you have rebooted your firewall was one year ago and you have policy rules with "0 packets/0 B", maybe this rules are unnecessary.

Also you can set to 0 the counter of a policy rule manually if you you right-click on the policy and select "Clear Counters".