Overview
Firewall Rule Reports is a new feature introduced in Kerio Control 9.6.1 that tracks and displays per-rule traffic usage statistics directly in the administration interface. Administrators can now see exactly which firewall rules are being matched, how often, and by what traffic — without parsing raw connection logs.
This article explains how to enable Firewall Rule Reports for a traffic rule, where to view the resulting data, and why it matters for day-to-day firewall policy management.
In This Article
What Is It?
Firewall Rule Reports adds per-rule usage tracking to the Kerio Control dashboard. For every traffic rule that opts in, Kerio Control records:
- How frequently the rule is matched (hit count)
- Which rules are actively enforced versus rules that have never fired
- Source, destination, action, and service context for each tracked rule
The data is collected and surfaced natively in the Kerio Control administration interface — no external reporting tool, log forwarder, or custom script is required.
How to Enable
Firewall Rule Reports is enabled per rule, directly inside the Traffic Rule configuration. Only rules where you opt in will be tracked and shown in the reports.
- In the Kerio Control administration interface, go to Configuration > Traffic Rules.
- Open an existing rule (or create a new one).
- In the Action dialog, locate the Accounting section.
- Check Internet traffic chart.
- Click OK, then Apply to save the rule.
Tip: Only rules with Internet traffic chart enabled appear in the reports. Repeat the steps above for every rule you want to track.
For background on the Internet traffic chart setting and related traffic monitoring views, see Monitoring traffic in Kerio Control.
Where the Reports Are Displayed
Once enabled, usage data appears on the Kerio Control Dashboard in two complementary views:
| Dashboard Section | What It Shows |
|---|---|
| Most Used Firewall Rules | Top rules ranked by hit frequency. Columns include Rule Name, Action, Usage Count, Source, Destination, and Service. |
| Traffic Rules (Internet traffic only) | Full list of all tracked rules with individual usage counters. |
Use Most Used Firewall Rules to spot your hottest policies at a glance, and the full Traffic Rules list to audit every tracked rule and identify ones that have never been hit.
Why It Matters
For administrators managing firewall policy, Firewall Rule Reports delivers several practical benefits:
| Benefit | Description |
|---|---|
| Visibility at a glance | Instantly see which rules are actively enforced versus rules that have never fired. |
| Policy hygiene | Identify and safely remove stale or redundant rules with confidence — backed by usage data, not guesswork. |
| Faster troubleshooting | Correlate traffic volumes directly to specific rules without digging through connection logs. |
| Compliance-ready | Demonstrate to auditors that specific access controls are active and in use, with evidence drawn from the dashboard. |
| No extra tools needed | Built natively into the Kerio Control dashboard — available as soon as 9.6.1 is installed. |
FAQ
Q1: Which version of Kerio Control do I need?
A1: Firewall Rule Reports is introduced in Kerio Control 9.6.1. Earlier versions do not include this feature; upgrade to 9.6.1 (or later) to use it.
Q2: Why don't I see one of my rules in the reports?
A2: Reports only include rules where Internet traffic chart is enabled in the Action dialog of the rule. Open the rule, tick the checkbox in the Accounting section, and click Apply. Rules without this option enabled are not tracked or displayed.
Q3: Can I use Firewall Rule Reports to clean up unused rules?
A3: Yes — that is one of the primary use cases. Enable Internet traffic chart on the rules you want to evaluate, leave them in place for a representative period of normal operations, and then review usage counts on the dashboard. Rules with zero hits over a meaningful sample window are strong candidates for review and removal. As always, validate carefully before deleting any rule that could be exercised only by infrequent traffic patterns.
Ciprian Nastase
Comments