https://community.cisco.com/t5/network-security/firewall-rule-validator/m-p/1803387#M529974 <HTML><HEAD></HEAD><BODY><P>Good question. Not that I know of. </P><P>Is this port open between this src and this dst - can be answered with a packet tracer command on the ASA platform but, what are all the tcp/udp ports that are open between the src and dest - not possible presently. May be there are 3-rd party tools that could do this but I am not aware of any.</P><P></P><P>-KS</P></BODY></HTML> Sat, 24 Sep 2011 02:40:33 GMT Kureli Sankar 2011-09-24T02:40:33Z https://community.cisco.com/t5/network-security/firewall-rule-validator/m-p/1803386#M529973 <P>Ok, so I have a mix of ASA's and IOS firewalls. Constanly folks ask me " can you tell me what ports are open from x.x.x.x to x.x.x.x? I have to sift through lines of ACLs and the task becomes more complex where object groups are used. Does anyone know of a tool or script that will parse through the ACLs and tell me what is open for a given source and destination?</P><P></P><P>Thanks,</P><P><BR />Doug</P> Mon, 11 Mar 2019 21:29:34 GMT https://community.cisco.com/t5/network-security/firewall-rule-validator/m-p/1803386#M529973 dschaef88 2019-03-11T21:29:34Z https://community.cisco.com/t5/network-security/firewall-rule-validator/m-p/1803387#M529974 <HTML><HEAD></HEAD><BODY><P>Good question. Not that I know of. </P><P>Is this port open between this src and this dst - can be answered with a packet tracer command on the ASA platform but, what are all the tcp/udp ports that are open between the src and dest - not possible presently. May be there are 3-rd party tools that could do this but I am not aware of any.</P><P></P><P>-KS</P></BODY></HTML> Sat, 24 Sep 2011 02:40:33 GMT https://community.cisco.com/t5/network-security/firewall-rule-validator/m-p/1803387#M529974 Kureli Sankar 2011-09-24T02:40:33Z https://community.cisco.com/t5/network-security/firewall-rule-validator/m-p/1803388#M529975 <HTML><HEAD></HEAD><BODY><P>i guess, you can use asdm to filter rules with Find option, you can query rulebase that <STRONG>contain</STRONG>&nbsp; source and destination IP addresses, which search and display all rules between the source and destination, this will include rules with object groups, if IP address is contained in that group</P><P></P><P>-Sony</P></BODY></HTML> Sat, 24 Sep 2011 03:39:48 GMT https://community.cisco.com/t5/network-security/firewall-rule-validator/m-p/1803388#M529975 sonybabu2k1 2011-09-24T03:39:48Z