topic Re: Firewall queries in Network Security

Firewall queries

mani1910 — Tue, 15 Jun 2021 15:53:50 GMT

Hi All,

QN1.

I have a network object 10.0.0.0/8 and it is added to "my-internal-ip network" object group.

in ASDM i can check where this policy is used and policy number.

similary , is there any way to check in CLI for the above asked details.

QN2 .

i have 10 policies configured in ASDM [1 to 10]

How can i insert any policy between policy 4 and 5 using cli.

Re: Firewall queries

Rob Ingram — Tue, 15 Jun 2021 16:01:46 GMT

@mani1910

Try this:- "show access-list | include XXXXX" which will show you which access-list ACE entry this object is used in.

You need to use "line" when adding an ACE.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/firewall/asa-96-firewall-config/access-acls.html

The command for adding an ACE is access-list name [line line-num] type parameters. The line number argument works for extended ACLs only. If you include the line number, the ACE is inserted at that location in the ACL, and the ACE that was at that location is moved down, along with the remainder of the ACEs (that is, inserting an ACE at a line number does not replace the old ACE at that line). If you do not include a line number, the ACE is added to the end of the ACL. The parameters available differ based on the ACL type; see the specific topics on each ACL type for details.

Re: Firewall queries

marioiram — Tue, 15 Jun 2021 16:30:30 GMT

@mani1910

You can try "sh run | i my-internal-ip network" to find out where the object is being used, that would show you the ACLs then with that just find the order and as indicated by @Rob Ingram just add an ACE.

HTH