Firewalls that govern the corporate network security often have too many rules implemented because unused and obsolete rules that are no longer needed may remain in the firewall system and cannot be removed automatically. Removal of obsolete firewall rules involves complex manual analytical processes depending on the size of the rule set and the traffic volume. In a large firewall implementation, the obsolete rules create performance issues that have impact to network accessibilities as well as security issues that can potentially allow unauthorized accesses. The firewall generates access logs, which has the rule identification (ID) information. However, the firewall rules are subject to change on an on-going basis and the associated rule IDs are changed as well every time the rules are modified. This behavior makes it almost impossible to identify unused rules using the associated rule ID information.
Therefore, a need exists for a method and apparatus for reducing firewall rules in Internet Protocol (IP) networks.