https://community.cisco.com/t5/network-security/audit-pix-v7-access-rules/m-p/701109#M1034067 <HTML><HEAD></HEAD><BODY><P>The best tool for you is "Firewall Analyzer". You can get the software from </P><P><A class="jive-link-custom" href="http://manageengine.adventnet.com/products/firewall/download.html" target="_blank">http://manageengine.adventnet.com/products/firewall/download.html</A>. It is a free 30 day trial period. </P><P>On the pix you just have to add it like anyother syslog server.</P><P></P><P>logging host inside <IP></IP></P><P></P><P>You will get all kinds of reports like the rule that is more used, protocol graph etc.</P><P></P><P>--Pls rate if useful--</P></BODY></HTML> Wed, 22 Nov 2006 18:06:58 GMT zubairjalal 2006-11-22T18:06:58Z https://community.cisco.com/t5/network-security/audit-pix-v7-access-rules/m-p/701108#M1034066 <P>Hello,</P><P></P><P>i am in charge of auditing access rules on a PIX V7 with 11 interfaces including 5 logicals one, it seems that we have 570 rules with a lot of hosts/groups and we want to know better which traffic is allowed on the pix.</P><P></P><P>Can somebody suggest me a tool or software to audit my access rule to do that because with ASDM or CLI i can filter as i want</P> Mon, 11 Mar 2019 08:59:24 GMT https://community.cisco.com/t5/network-security/audit-pix-v7-access-rules/m-p/701108#M1034066 yann.boulet 2019-03-11T08:59:24Z https://community.cisco.com/t5/network-security/audit-pix-v7-access-rules/m-p/701109#M1034067 <HTML><HEAD></HEAD><BODY><P>The best tool for you is "Firewall Analyzer". You can get the software from </P><P><A class="jive-link-custom" href="http://manageengine.adventnet.com/products/firewall/download.html" target="_blank">http://manageengine.adventnet.com/products/firewall/download.html</A>. It is a free 30 day trial period. </P><P>On the pix you just have to add it like anyother syslog server.</P><P></P><P>logging host inside <IP></IP></P><P></P><P>You will get all kinds of reports like the rule that is more used, protocol graph etc.</P><P></P><P>--Pls rate if useful--</P></BODY></HTML> Wed, 22 Nov 2006 18:06:58 GMT https://community.cisco.com/t5/network-security/audit-pix-v7-access-rules/m-p/701109#M1034067 zubairjalal 2006-11-22T18:06:58Z https://community.cisco.com/t5/network-security/audit-pix-v7-access-rules/m-p/701110#M1034068 <HTML><HEAD></HEAD><BODY><P>Many thanks for your reply, </P><P></P><P>i think this software will help me day after day but what i really want is to know if rules aren't too old. I want to know what kind of rules are on my pix, who is allowed to do what. my real trouble is that some destinations are reachable by ip source that i want to deny and if my ip source is created in an asdm group i can't find it easily with rules displayed on asdm.</P><P></P><P>Thanks</P></BODY></HTML> Thu, 23 Nov 2006 18:25:56 GMT https://community.cisco.com/t5/network-security/audit-pix-v7-access-rules/m-p/701110#M1034068 yann.boulet 2006-11-23T18:25:56Z https://community.cisco.com/t5/network-security/audit-pix-v7-access-rules/m-p/701111#M1034069 <HTML><HEAD></HEAD><BODY><P>Anyone to reply ?</P><P></P><P>I try to use Cisco security manager v3 and it seems that it can be a good software for my job but i can't extract or filter any rules to purge it.</P><P></P><P>thx</P></BODY></HTML> Tue, 28 Nov 2006 12:40:59 GMT https://community.cisco.com/t5/network-security/audit-pix-v7-access-rules/m-p/701111#M1034069 yann.boulet 2006-11-28T12:40:59Z