05-10-2007 12:25 AM - edited 03-11-2019 03:11 AM
Hello all,
I have a lot of rules on my V7.0 PIX and I want to know if there is a way to find unused rules in order to reduce the number of rules, or maybe to know the last time rules have been used or matched?
Thank you
05-10-2007 01:47 AM
Hi
If you do a "sh access-list" from enable mode you should see the hit count at the end of the line, e.g.:
access-list from_prod1 line 1 permit tcp object-group prod_machines host 10.228.56.2 eq telnet
access-list from_prod1 line 1 permit tcp host 10.228.51.51 host 10.228.56.2 eq telnet (hitcnt=12)
access-list from_prod1 line 1 permit tcp host 10.230.24.77 host 10.228.56.2 eq telnet (hitcnt=0)
access-list from_prod1 line 1 permit tcp host 10.181.66.12 host 10.228.56.2 eq telnet (hitcnt=0)
access-list from_prod1 line 1 permit tcp host 10.228.50.95 host 10.228.56.2 eq telnet (hitcnt=0)
access-list from_prod1 line 2 permit tcp object-group prod_machines host 10.228.56.3 eq telnet
So only the first line in the above access-list has any hits.
You can reset the counters by using "clear access-list".
HTH
Jon
05-10-2007 03:33 AM
Thanks for your help. Just another question: do you know if it's possible to transform names in the configuration to IP addresses? I don't remember how to do it; it's just to be sure of the IP addresses when I use "sh access-list".
thanks
05-10-2007 03:40 AM
Hi
If I understand correctly, I'm not sure you can do this. You can do a "sh names" and then cross-reference with the access-list, but I don't know of a way to transpose the IP address instead of the name in a "sh access-list".
Hope I haven't misunderstood.
Jon
05-10-2007 04:17 AM
There should be an entry in your configuration
"names"
if you run the command
"no names"
then all address-to-name translations will be turned off. This will *not* remove the name entries, so you can turn it back on again without a problem.
** Please rate posts if helpful **
05-10-2007 06:45 AM
This might be more useful if you do a "sh access-list | i hitcnt=0".
That way you can sort out the rules that haven't received any hits over a certain time frame.
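To tie the thread's suggestions together, here is an added example (not posted in the thread) that does offline what "sh access-list | i hitcnt=0" and a manual cross-reference with "sh names" do on the box: it parses the per-entry hitcnt counters, flags expanded entries with zero hits, rolls them up to whole ACL lines whose every expansion is unused, and substitutes IP addresses back in for the symbolic names that the "names" feature prints. It assumes that "sh names" prints config-style "name <ip> <label>" lines; the sample output embedded below is constructed for illustration and does not come from the posters' devices.

```python
"""Report unused PIX/ASA access-list entries from 'show access-list' output.

Added example, not from the thread: parses the hitcnt=... suffix that the
answers describe, flags expanded entries with zero hits, and replaces the
symbolic names printed by the 'names' feature with IP addresses taken from
'show names' output. All sample output below is constructed.
"""
import re
from collections import defaultdict

# Constructed sample of 'show names' output (assumed 'name <ip> <label>' lines).
SHOW_NAMES = """\
name 10.228.56.2 telnet-srv1
name 10.228.51.51 jumphost
"""

# Constructed sample of 'show access-list' output. An object-group line carries
# no hitcnt; the expanded entries that follow it, one per member, carry the counters.
SHOW_ACL = """\
access-list from_prod1; 5 elements
access-list from_prod1 line 1 permit tcp object-group prod_machines host telnet-srv1 eq telnet
access-list from_prod1 line 1 permit tcp host jumphost host telnet-srv1 eq telnet (hitcnt=12)
access-list from_prod1 line 1 permit tcp host 10.230.24.77 host telnet-srv1 eq telnet (hitcnt=0)
access-list from_prod1 line 2 permit tcp object-group prod_machines host 10.228.56.3 eq telnet
access-list from_prod1 line 2 permit tcp host jumphost host 10.228.56.3 eq telnet (hitcnt=0)
access-list from_prod1 line 2 permit tcp host 10.230.24.77 host 10.228.56.3 eq telnet (hitcnt=0)
access-list from_prod1 line 3 permit udp any host 10.228.56.9 eq domain (hitcnt=4410)
"""

# ACL name, configured line number, the ACE text, and an optional hit counter.
ACE_RE = re.compile(r"^access-list (\S+) line (\d+) (.+?)(?: \(hitcnt=(\d+)\))?$")
NAME_RE = re.compile(r"^name (\S+) (\S+)$")


def parse_names(text):
    """Return {label: ip} from 'show names' output."""
    names = {}
    for line in text.splitlines():
        m = NAME_RE.match(line.strip())
        if m:
            ip, label = m.groups()
            names[label] = ip
    return names


def resolve_names(ace_text, names):
    """Replace whole-word symbolic names in an ACE with their IP addresses."""
    if not names:
        return ace_text
    pattern = re.compile(r"\b(" + "|".join(map(re.escape, names)) + r")\b")
    return pattern.sub(lambda m: names[m.group(1)], ace_text)


def parse_access_list(text, names=None):
    """Return one dict per expanded ACE that carries a hit counter."""
    names = names or {}
    entries = []
    for line in text.splitlines():
        m = ACE_RE.match(line.strip())
        if not m:
            continue  # summary lines such as 'access-list X; 5 elements'
        acl, lineno, ace, hits = m.groups()
        if hits is None:
            continue  # object-group parent line; counters live on its expansions
        entries.append({
            "acl": acl,
            "line": int(lineno),
            "ace": resolve_names(ace, names),
            "hits": int(hits),
        })
    return entries


def unused_entries(entries):
    """Expanded entries with hitcnt=0, the set 'sh access-list | i hitcnt=0' shows."""
    return [e for e in entries if e["hits"] == 0]


def unused_lines(entries):
    """Configured ACL lines whose every expansion has zero hits: removal candidates."""
    hits_by_line = defaultdict(int)
    for e in entries:
        hits_by_line[(e["acl"], e["line"])] += e["hits"]
    return sorted(key for key, total in hits_by_line.items() if total == 0)


if __name__ == "__main__":
    names = parse_names(SHOW_NAMES)
    entries = parse_access_list(SHOW_ACL, names)
    print("Expanded entries with no hits:")
    for e in unused_entries(entries):
        print(f"  {e['acl']} line {e['line']}: {e['ace']}")
    print("Configured lines with no hits at all (removal candidates):")
    for acl, line in unused_lines(entries):
        print(f"  {acl} line {line}")
```

The distinction between the two reports matters: a configured line that expands an object-group can be in use overall while individual members have never matched, so only lines whose total is zero are candidates for removal; the per-member zeros point instead at object-group entries worth reviewing. Since hitcnt only accumulates since the last reload or "clear access-list", a zero is only meaningful once the counters have run across the whole time frame you care about.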