topic Re: ASA firewall rules with Zero Hits in Network Security

ASA firewall rules with Zero Hits

jroy777 — Thu, 15 Jun 2023 17:56:59 GMT

OK, been looking at ASA FW Rules and we have a LOT of rules with Zero Hits. Can I safely remove these? Doing a system cleanup and hit counters have not been cleared for a very long time.

Re: ASA firewall rules with Zero Hits

Rob Ingram — Thu, 15 Jun 2023 17:22:37 GMT

@jroy777 yes you should be able to remove these if you are confident they are not required. Before you clear the rules down, take a backup to be on the safe side. I'd also personally just confirm the hit counter are actually increasing on active rules, just in case there might be bug where the hit counters don't work!!

Re: ASA firewall rules with Zero Hits

MHM Cisco World — Thu, 15 Jun 2023 17:27:02 GMT

You use syslog server?

If yes then add log to acl you want to delete' then monitor the log if you dont see any log for one week or more the you can safely remove it.

But as @Rob Ingram mention take backup of config before start this process.

Re: ASA firewall rules with Zero Hits

adamgerber — Thu, 15 Jun 2023 18:26:53 GMT

Hi,

I'd recommend using ASDM, which allows you to easily disable rules by unchecking each rule. You can also view when last each rule was hit. You can also get a CSV export for your rules via ASDM.