topic Re: How do I sanitize an ASA? in Network Security

How do I sanitize an ASA?

jimmyc_2 — Tue, 12 Mar 2019 02:48:14 GMT

What files do I need to keep in the flash, besides the IOS and ASDM?

Any other information would be appreciated.

Thanks.

Re: How do I sanitize an ASA?

Jouni Forss — Mon, 07 Oct 2013 15:07:44 GMT

Hi,

To my understanding the biggest files that take space (and are worth removing for extra space on the Flash) are the ASA IOS, ASDM GUI and VPN related files. So I guess it depends in what use the ASA firewall in question is. If its purely in use for Firewall purposes (no VPN) then you might save space by removing VPN related images. In that case it would probably also be good to copy those files to some host before removing them from Flash just incase you need them later and dont have a service contract.

To my understanding already the latest version of the original ASA5500 Series included more than enough Flash memory for normal usage. I mean have space for a few software versions for both ASA IOS and ASDM.

I guess you could start by atleast viewing the output of the following commands so show what most common files are in use

show run boot

show run asdm

show run webvpn

If the first 2 commands dont provide any output referring to a file name then you should probably check also

show version

To see what images the ASA currently boots to

You can naturally also share the output of

dir flash:

From your device to see what you have on the Flash.

I am atleast glad that I dont have to deal anymore with the PIX firewalls with 16MB Flash memory.

- Jouni

How do I sanitize an ASA?

jimmyc_2 — Mon, 07 Oct 2013 17:44:42 GMT

I want to give my ASA to another division, and I want to ensure everything I have on it is cleared, but still leave it functional.

How do I sanitize an ASA?

Marvin Rhoads — Mon, 07 Oct 2013 17:54:20 GMT

Jouni's suggestions are correct and pretty comprehensive.

Short version:

Reset the configuration to factory default (use "configure factory-default" command) and write mem to save that configuration.

Delete everything on flash EXCEPT the running ASA and specified ASDM images.

Reload just to doublecheck.

Re: How do I sanitize an ASA?

Jouni Forss — Mon, 07 Oct 2013 17:57:11 GMT

Hi,

So the purpose is to remove any old configuration rather than just make space on the Flash of the ASA?

Well to my understanding you wont need much more for basic firewall operation other than the ASA IOS image. The ASDM is naturally typically included as you need it for some configuration jobs typically though majority of the configurations can be done through the CLI also.

Looking at my ASA5505 Flash at the moment I can't really see that many files that it would need than the ASA IOS and ASDM.

I guess you can remove the current startup configurations if its to be sent as a blank ASA. Naturally if it has several software images on the Flash at the moment then I dont really see the problem letting them be there and letting the new users worry about what they want to keep on the Flash.

- Jouni

Re: How do I sanitize an ASA?

johnlloyd_13 — Tue, 08 Oct 2013 03:09:58 GMT

hi,

you can alternatively use these commands:

* clear configure all: Clears the entire running configuration

* clear configure primary: Clears all commands related to connectivity, including the ip address, mtu, monitor-inteface, boot, route, failover, tftp-server, and shun commands

* clear configure secondary: Clears all commands not related to ASA connectivity

* write erase and reload commands.