I am attempting to do a Firewall Review using our Sophos UTM. Auditors want to make sure we clean up any unused firewall rules that we havent used. Would you be able to tell me the easiest way to review this? It very well could be possible that nothing needs to be cleaned up... its to verify. Thank you.
Hi and welcome to the UTM Community!
You would need to mark each of your firewall rules to log, wait a week and then check the logs.
This seems like an unusual audit request for a device that handles most traffic before the firewall rules are considered - see #2 in Rulz (last updated 2019-04-17).
If your current Sophos partner can't help you with this, ask Sophos Sales to recommend someone in your area.
Cheers - BobPS Moving this thread to the Network Protection forum.