A computer implemented method of reducing central processing unit (CPU) usage of a firewall by safe reordering a current firewall's rule-base exhibiting N rules. The method comprising: receiving rule usage statistics exhibiting usage frequency of each rule on the current firewall's rule-base; calculating a rules matched per packet (RMPP) parameter, being a summation of products of each rule identifier and the corresponding usage frequency for all the N rules; determining an alternative order of the rule base by repositioning rules, wherein the repositioned rules perform the same action on the firewall, or wherein the repositioned rules act on disjoint sets of network connections, and wherein the repositioning results in a reduction of the RMPP of the reordered rule base, thereby reducing the CPU usage of the firewall in implementing the alternative order of rules.