Resetting the virtual system policy matching count on the USG6000

88

The match count can be cleared.
Log in to the web UI using the root system administrator account and select the corresponding virtual system on the upper-right corner. Choose Policy > Security Policy and click Reset in the match count area.

Other related questions:
Security policy matching order on the USG6000 series
When multiple security policies are to be matched, they are matched in a specific order. Therefore, you are advised to configure more fine-grained security policies first.

Security policy matching order on the USG6000
On the USG6000, the device preferentially executes security policies configured earlier. Therefore, you are advised to first configure security policies with smaller matching scopes and accurate matching conditions and then configure security policies with larger matching scopes and wider matching conditions.

Query of policy matching logs on the USG6000 series
By checking policy matching logs, you can learn traffic matching policies and determine whether security policies are correctly configured or achieve expected effects, to facilitate fault locating. Context Only the USG6000 supports policy matching logs, and such logs can be displayed only when a hard disk is installed. For the USG6650/6660/6670/6680, the policy matching log page is displayed no matter whether hard disks are installed. The firewall is deployed between the Internet and the network to be protected. If traffic matches a security policy, a policy matching log is generated. Before querying policy matching logs, run the log type policy enable command on the firewall to enable the policy matching log function. Choose Monitor > Log > Policy Matching Log to view information about policy matching logs. Choose Customize and select/deselect conditions for the display of policy matching logs. Click Export to export policy matching logs in CSV format to the management PC.

Configuring virtual systems on the USG6000 series
The virtual system has the following application scenarios: 1. An enterprise may have multiple departments, and each department has specific functions and responsibilities and requires specific network management policies, which complicate the configuration. As the egress gateway of the enterprise network, the NGFW uses virtual systems to manage departments separately, simplifying the configuration. For configuration details, search for "Web Example for Configuring Virtual Systems to Isolate Enterprise Departments (Layer-3 Access, Virtual Systems Sharing the WAN Interface of the Root System)" in the product documentation. 2. The NGFW functions as the access gateway of the office area of a large campus network to protect the intranet. The intranet has multiple service departments, and the administrator configures virtual systems for each department to implement independent management over department networks. For configuration details, search for "Web Example for Configuring Virtual Systems to Isolate Enterprise Departments (Layer-3 Access, Virtual Systems Having Independent WAN Interfaces)" in the product documentation. 3. When the NGFW connects to an intranet through Layer-2 access, configure virtual systems to isolate enterprise departments and facilitate configuration management by different administrators. For configuration details, search for "Web Example for Configuring Virtual Systems to Isolate Enterprise Departments (Layer-2 Access)" in the product documentation.

Method used to export policy matching logs on the USG6000
The method used to export policy matching logs on the USG6000 is as follows: 1. Choose Monitor > Logs > Policy Matching Logs. 2. Select Column Customization and select or cancel various types of conditions displayed in policy matching logs. 3. Click Export to export policy matching logs in the CSV format to the administrator's PC.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top