Cisco Support Community
Community Member

unused/idle/inactive ASA 8.4 rules

Hello,

I have a pair of ASA 5540s running 8.4 code. The firewall set has about 4500 rules. I am tasked with identifying all unused/idle/inactive rules in the past 3 months.

Would anyone know of a quick way (CLI or CSM) to identify or list such rules? I would be grateful for any tip.

Thanks

Bo

2 REPLIES
Cisco Employee

unused/idle/inactive ASA 8.4 rules

Check for rules with a hit count of 0. If the access-list hit counts have not been cleared for a long time, or the ASA hasn't been reloaded for a while, then an ACL entry with a hit count of 0 is a clear indication that it has been inactive or not used.
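
As an added example (not code from the thread or from Cisco), the script below applies the reply's method to saved output of `show access-list`: it pulls out every ACE with hitcnt=0, separates entries already configured `inactive` and expanded object-group members from ordinary rules, and reads the uptime from `show version` so a zero count is not trusted over a window longer than the counters have existed. Both sample outputs are constructed, and their exact line layouts are assumptions.

```python
import re

# Constructed sample of ASA 8.4 "show access-list" output (an assumption for this
# example, not from the thread). Each ACE ends in "(hitcnt=N) <hash>"; object-group
# members are expanded as indented lines, and a rule configured with the "inactive"
# keyword is tagged "(inactive)".
SAMPLE_SHOW_ACCESS_LIST = """\
access-list outside_in; 5 elements; name hash: 0x1a2b3c4d
access-list outside_in line 1 extended permit tcp any host 192.0.2.10 eq www (hitcnt=48213) 0x11111111
access-list outside_in line 2 extended permit tcp any object-group DMZ_SRV eq ssh 0x22222222
  access-list outside_in line 2 extended permit tcp any host 192.0.2.20 eq ssh (hitcnt=0) 0x33333333
  access-list outside_in line 2 extended permit tcp any host 192.0.2.21 eq ssh (hitcnt=17) 0x44444444
access-list outside_in line 3 extended permit udp any host 192.0.2.30 eq ntp (hitcnt=0) (inactive) 0x55555555
access-list outside_in line 4 extended deny ip any any (hitcnt=0) 0x66666666
"""

ACE_RE = re.compile(
    r"^(?P<indent>\s*)access-list (?P<acl>\S+) line (?P<line>\d+) "
    r"(?P<rule>.+?) \(hitcnt=(?P<hits>\d+)\)(?P<inactive> \(inactive\))?"
)

def zero_hit_aces(show_output):
    """(acl, line, rule, kind) for each ACE with hitcnt=0; kind is "disabled"
    (already configured inactive), "member" (expanded object-group entry) or "rule"."""
    found = []
    for text in show_output.splitlines():
        m = ACE_RE.match(text)
        if not m or int(m.group("hits")) != 0:
            continue
        kind = "disabled" if m.group("inactive") else "member" if m.group("indent") else "rule"
        found.append((m.group("acl"), int(m.group("line")), m.group("rule"), kind))
    return found

# A zero hit count only proves inactivity for as long as the counters have been
# accumulating: they reset on reload and on "clear access-list <name> counters".
# Uptime comes from the "up N days ..." line of "show version" (constructed sample).
SAMPLE_SHOW_VERSION = "ciscoasa up 121 days 6 hours"
UPTIME_RE = re.compile(r"\bup (?:(?P<days>\d+) days?\b)?")

def uptime_days(show_version_output):
    """Whole days of uptime, 0 if under a day, None if no uptime line is present."""
    m = UPTIME_RE.search(show_version_output)
    return None if m is None else int(m.group("days") or 0)

def counters_cover_window(show_version_output, window_days=90):
    """True only if the ASA has been up at least window_days (the 3 months asked about)."""
    days = uptime_days(show_version_output)
    return days is not None and days >= window_days
```

On a failover pair, run both commands on each unit, since hit counts are kept per unit and the standby's counters say nothing about traffic the active unit passed.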

Silver

unused/idle/inactive ASA 8.4 rules

We featured this question on our Facebook page. Check out some of the responses here. http://www.facebook.com/CiscoSupportCommunity/posts/426400164068512

---

Posted by WebUser Cisco NetPro from Cisco Support Community App
