I had this small query; I am sure it would be fairly simple for anyone using ACLs quite often to advise me.
If we have an access-list created but not applied to an interface, and do "sho access-lists", it will still show me hit counts? This is normal, right?
The only thing is that the rule is not being actioned.
Extended IP access list 101
10 permit ip 10.0.0.0 0.0.0.255 any
Extended IP access list 150
10 permit ip host 10.0.0.160 any (4424 matches)
20 permit ip host 10.0.0.15 any (3635 matches)
30 permit ip host 10.0.0.11 any (97680 matches)
40 permit ip host 10.0.0.10 any (2271613 matches)
50 permit ip host 10.0.0.251 any (1 match)
60 permit ip host 10.0.0.171 any (174 matches)
70 permit ip host 10.0.0.124 any (10084 matches)
80 permit ip host 10.0.0.183 any (5195 matches)
90 permit ip host 10.0.0.172 any (34856 matches)
100 permit ip host 10.0.0.186 any (6623 matches)
Please correct me if I am wrong.
I agree with Ahmad.
You should check if these counters are increasing; as I said, they should not increase if not applied to an interface.
A counter in brackets means the ACL is hit for sure.
If it's not applied at this time, maybe earlier it was applied; the hit counter will remain unless you reboot the firewall or delete/create the ACL again.
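As an added check for the "are the counters still increasing?" advice above (example code written for this thread, not from either poster), the script below takes two "show access-lists" snapshots plus a "show ip interface" excerpt, parses which ACL is applied where, and reports the per-ACE counter delta. The sample outputs are constructed for the example (the ACL names, sequence numbers and interfaces are made up), and only IPv4 standard/extended lists are parsed; an ACE whose counter grows while the ACL is on no interface is flagged, since in that case the list is either referenced by something other than an interface (a route-map, class-map, vty access-class or NAT statement, for instance) or the snapshots are not from the same device and time.

```python
import re

# Constructed sample output (not from the original post): two "show access-lists"
# snapshots taken a short time apart, plus a "show ip interface" excerpt.
SHOW_ACL_T0 = """\
Extended IP access list 101
    10 permit ip 10.0.0.0 0.0.0.255 any
Extended IP access list 120
    10 permit tcp any any eq 22 (12 matches)
Extended IP access list 150
    10 permit ip host 10.0.0.160 any (4424 matches)
    20 permit ip host 10.0.0.15 any (3635 matches)
    50 permit ip host 10.0.0.251 any (1 match)
"""
SHOW_ACL_T1 = """\
Extended IP access list 101
    10 permit ip 10.0.0.0 0.0.0.255 any
Extended IP access list 120
    10 permit tcp any any eq 22 (13 matches)
Extended IP access list 150
    10 permit ip host 10.0.0.160 any (4424 matches)
    20 permit ip host 10.0.0.15 any (3702 matches)
    50 permit ip host 10.0.0.251 any (1 match)
"""
SHOW_IP_INT = """\
GigabitEthernet0/0 is up, line protocol is up
  Internet address is 10.0.0.1/24
  Outgoing access list is not set
  Inbound  access list is not set
GigabitEthernet0/1 is up, line protocol is up
  Internet address is 192.0.2.1/24
  Outgoing access list is not set
  Inbound  access list is 150
"""

ACL_HEADER = re.compile(r"^(?:Standard|Extended) IP access list (\S+)")
ACE_LINE = re.compile(r"^\s*(\d+)\s+(.*?)(?:\s+\((\d+) match(?:es)?\))?\s*$")
INT_HEADER = re.compile(r"^(\S+) is ")
INT_ACL = re.compile(r"^\s+(Inbound|Outgoing)\s+access list is (.+)$")


def parse_access_lists(text):
    """Return {acl_name: {seq: match_count}}; an ACE with no '(N matches)' counts as 0."""
    acls, current = {}, None
    for line in text.splitlines():
        m = ACL_HEADER.match(line)
        if m:
            current = m.group(1)
            acls[current] = {}
            continue
        m = ACE_LINE.match(line)
        if m and current is not None:
            seq, matches = int(m.group(1)), m.group(3)
            acls[current][seq] = int(matches) if matches else 0
    return acls


def parse_applied_acls(text):
    """Return {acl_name: [(interface, direction), ...]} from 'show ip interface'."""
    applied, iface = {}, None
    for line in text.splitlines():
        m = INT_HEADER.match(line)
        if m:
            iface = m.group(1)
            continue
        m = INT_ACL.match(line)
        if m and iface is not None:
            direction, name = m.group(1), m.group(2).strip()
            if name != "not set":
                applied.setdefault(name, []).append((iface, direction))
    return applied


def counter_report(before, after, applied):
    """One tuple per ACE: (acl, seq, count_now, delta_since_before, [where applied])."""
    report = []
    for acl, aces in after.items():
        where = applied.get(acl, [])
        for seq, count in sorted(aces.items()):
            delta = count - before.get(acl, {}).get(seq, 0)
            report.append((acl, seq, count, delta, where))
    return report


def suspicious(report):
    """ACEs whose counter grew although the ACL is applied to no interface."""
    return [(acl, seq, delta) for acl, seq, _c, delta, where in report
            if delta > 0 and not where]


if __name__ == "__main__":
    before = parse_access_lists(SHOW_ACL_T0)
    after = parse_access_lists(SHOW_ACL_T1)
    applied = parse_applied_acls(SHOW_IP_INT)
    report = counter_report(before, after, applied)
    for acl, seq, count, delta, where in report:
        place = ", ".join(f"{i} {d.lower()}" for i, d in where) or "not applied to any interface"
        print(f"ACL {acl} seq {seq}: {count} matches (+{delta}) [{place}]")
    for acl, seq, delta in suspicious(report):
        print(f"WARNING: ACL {acl} seq {seq} grew by {delta} but is on no interface")
```

On a real device, capture the two snapshots with "terminal length 0" so nothing is paged, and remember that "clear access-list counters" zeroes the counters without a reboot, which is a quicker way than deleting the list to tell old hits from new ones.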