PIX ACL hit count

Unanswered Question
Jan 20th, 2010

I am in the process of migrating a firewall rule set from a PIX to an ASA and would like to delete entries that have never been used. Is it safe to assume anything with a hitcnt=0 has not been used since last reboot (over 2 years ago)?


Kureli Sankar Wed, 01/20/2010 - 19:49

That is correct provided you didn't do a "clear access-list blah counters".  That will reset these counters.
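
An added example, not part of the original thread: a Python sketch that lists zero-hit entries from saved `show access-list` output, which is only meaningful for the period since the last reload or counter clear mentioned above. The sample output is constructed, and the object-group handling (a rule counts as unused only when every expanded entry under the same line number shows hitcnt=0) is an assumption about the output layout.

```python
import re

# Constructed sample of `show access-list` output (documentation addresses).
SAMPLE = """\
access-list outside_in; 4 elements
access-list outside_in line 1 permit tcp any host 192.0.2.10 eq www (hitcnt=1523)
access-list outside_in line 2 permit tcp any host 192.0.2.11 eq smtp (hitcnt=0)
access-list outside_in line 3 permit tcp any object-group WEB_SERVERS eq https
  access-list outside_in line 3 permit tcp any host 192.0.2.20 eq https (hitcnt=0)
  access-list outside_in line 3 permit tcp any host 192.0.2.21 eq https (hitcnt=7)
access-list dmz_in; 1 elements
access-list dmz_in line 1 deny ip any any (hitcnt=0)
"""

LINE = re.compile(r"^\s*access-list (\S+) line (\d+) (.*)$")
HITCNT = re.compile(r"\s*\(hitcnt=(\d+)\).*$")


def unused_entries(show_output):
    """Return [(acl, line_no, rule_text)] for rules whose counters are all zero."""
    rules = {}  # (acl, line_no) -> {"text": first line seen, "hits": [counters]}
    for raw in show_output.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # summary lines such as "access-list outside_in; 4 elements"
        acl, line_no, rest = m.groups()
        key = (acl, int(line_no))
        if key not in rules:
            # First line for this number is the configured rule; drop its counter.
            rules[key] = {"text": HITCNT.sub("", rest).strip(), "hits": []}
        hit = HITCNT.search(rest)
        if hit:
            rules[key]["hits"].append(int(hit.group(1)))
    # Remarks carry no counter and are skipped; an object-group rule is
    # reported only if none of its expanded entries was ever matched.
    return [(acl, n, r["text"]) for (acl, n), r in rules.items()
            if r["hits"] and sum(r["hits"]) == 0]


if __name__ == "__main__":
    for acl, n, text in unused_entries(SAMPLE):
        print(f"{acl} line {n}: {text}")
```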


