
New Member

Audit pix v7 access rules


I am in charge of auditing access rules on a PIX v7 with 11 interfaces, including 5 logical ones. It seems that we have 570 rules with a lot of hosts/groups, and we want to know better which traffic is allowed on the PIX.

Can somebody suggest a tool or software to audit my access rules to do that, because with ASDM or CLI I can filter as I want?


Re: Audit pix v7 access rules

The best tool for you is "Firewall Analyzer". You can get the software from It is a free 30 day trial period.

On the PIX you just have to add it like any other syslog server.

logging host inside

You will get all kinds of reports like the rule that is more used, protocol graph etc.

--Pls rate if useful--

New Member

Re: Audit pix v7 access rules

Many thanks for your reply,

I think this software will help me day after day, but what I really want is to know if rules aren't too old. I want to know what kind of rules are on my PIX and who is allowed to do what. My real trouble is that some destinations are reachable by source IPs that I want to deny, and if my source IP is created in an ASDM group I can't find it easily with the rules displayed in ASDM.
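
The lookup described in this post (finding every rule that covers a source IP, even when the address is hidden inside an object group) can be done offline against a saved running configuration. The following is an added example, not part of the original thread: the sample config, group names and function names are constructed, and it handles only `access-list ... extended` lines whose source is `any`, `host`, address/mask or an `object-group network`.

```python
from ipaddress import ip_address, ip_network

# Constructed sample in PIX 7.x running-config syntax (not taken from the thread).
SAMPLE_CONFIG = """\
object-group network BRANCH_NETS
 network-object 10.20.0.0 255.255.0.0
object-group network ADMINS
 network-object host 10.1.1.5
 group-object BRANCH_NETS
access-list inside_in extended permit tcp object-group ADMINS host 192.168.5.10 eq 443
access-list inside_in extended permit ip 10.9.0.0 255.255.255.0 any
access-list dmz_in extended permit udp host 10.1.1.5 any eq 53
access-list dmz_in extended deny ip any any
"""

def parse_groups(config):
    """Map each 'object-group network' name to its members as two-token specs."""
    groups, current = {}, None
    for line in config.splitlines():
        if line.startswith("object-group network "):
            current = groups.setdefault(line.split()[2], [])
        elif not line.startswith(" "):
            current = None                       # left the object-group block
        elif current is not None and line.lstrip().startswith(("network-object ", "group-object ")):
            current.append(line.split()[-2:])    # e.g. ['host', '10.1.1.5']
    return groups

def expand(spec, groups, seen=frozenset()):
    """Turn a source spec (any / host A / A MASK / group NAME) into networks."""
    if spec[0] == "any":
        return [ip_network("0.0.0.0/0")]
    if spec[0] == "host":
        return [ip_network(spec[1])]
    if spec[0] in ("object-group", "group-object"):
        if spec[1] in seen:                      # guard against circular nesting
            return []
        return [net for member in groups.get(spec[1], [])
                for net in expand(member, groups, seen | {spec[1]})]
    return [ip_network("/".join(spec), strict=False)]  # address + netmask

def rules_for_source(config, ip):
    """Return every extended ACL line whose source field covers `ip`, in config order."""
    groups, addr, hits = parse_groups(config), ip_address(ip), []
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["access-list"] and tok[2:3] == ["extended"]:
            i = 6 if tok[4] == "object-group" else 5   # skip action and protocol (or protocol group)
            if any(addr in net for net in expand(tok[i:i + 2], groups)):
                hits.append(line)
    return hits
```

Hits come back in configuration order, which is the order in which entries of one ACL are evaluated, so a `deny` listed after a matching `permit` in the same ACL is visible as shadowed.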


New Member

Re: Audit pix v7 access rules

Anyone to reply?

I try to use Cisco Security Manager v3 and it seems that it can be good software for my job, but I can't extract or filter any rules to purge them.

