An easy way to find out your top 5 used rules in R76 and above from the CLI (command-line interface) on your Check Point firewall is to type cpstat blades. The command is not super intuitive, but it does produce results. [Expert@CN-Gaia-A:0]# cpstat blades |grep -A9 "Top Rule" Top Rule Hits ----------------------- |rule index|rule count| [...]
When acceleration is enabled in Check Point, you will not see the entire packet. When troubleshooting, engineers often disable SecureXL acceleration and do not re-enable it. Whether on the fly or on a scheduled basis, this is how you can ensure the entire infrastructure is running at an optimal state.