06-12-2015 11:56 AM - edited 03-11-2019 11:06 PM
Hi all,
Does anyone know of any tool, or how to generate reports for firewall rules (ACLs) created that have no (0) hit count in Cisco ASDM?
Appreciate your responses.
06-13-2015 07:44 AM
Hi,
I could not find anything which could generate a report on the basis of hit counts, but you could export the access-list in HTML or CSV format:
Please see the below link:
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/112925-acl-asdm-00.html#exportace
Regards,
Akshay Rastogi
06-15-2015 04:55 AM
Thank You Akshay
06-15-2015 05:01 AM
Hi,
You're welcome.
If this answers your query, I would request you to select the appropriate response as the solution for this thread.
Regards,
Akshay Rastogi
06-15-2015 05:15 AM
It does partially, but the issue is we have more than one IP address configured on an interface and are not sure if there is any hit for each IP.
06-15-2015 08:30 AM
- We assign access-lists on a per-interface basis, so if any source and destination match the access-list configured on the interface, it would show a hit.
- If there is any subnet mentioned in the access-list, it would not show you hits for separate IP addresses out of that subnet. It would only show a hit when the access-list matches that traffic on the specific interface.
Regards,
Akshay Rastogi
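As an added example (not posted by anyone in this thread, and not a Cisco tool): a Python script that reads saved `show access-list` CLI output from the ASA and lists the ACEs whose hit count is 0. The sample output, ACL name, object-group name and addresses are constructed; note that the subnet rule on line 4 carries one counter for the whole subnet, as the reply above describes.

```python
import re
from collections import namedtuple

# Constructed sample of ASA `show access-list` output (names, addresses, ids are made up).
SAMPLE = """\
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
            alert-interval 300
access-list outside_in; 5 elements; name hash: 0x00000000
access-list outside_in line 1 extended permit tcp any host 192.0.2.10 eq www (hitcnt=1523) 0x00000001
access-list outside_in line 2 extended permit tcp any object-group WEB_SERVERS eq https (hitcnt=87) 0x00000002
  access-list outside_in line 2 extended permit tcp any host 192.0.2.11 eq https (hitcnt=87) 0x00000003
  access-list outside_in line 2 extended permit tcp any host 192.0.2.12 eq https (hitcnt=0) 0x00000004
access-list outside_in line 3 remark temporary vendor access
access-list outside_in line 4 extended permit ip 198.51.100.0 255.255.255.0 any (hitcnt=0) 0x00000005
access-list outside_in line 5 extended deny ip any any (hitcnt=412) 0x00000006
"""

Ace = namedtuple("Ace", "acl line rule hitcnt expanded")

# Header and remark lines carry no (hitcnt=N) field, so they never match.
ACE_RE = re.compile(
    r"^(?P<indent>\s*)access-list (?P<acl>\S+) line (?P<line>\d+) "
    r"(?P<rule>.+?) \(hitcnt=(?P<hits>\d+)\)"
)

def parse_aces(text):
    """Yield an Ace per rule line; indented lines are expanded object-group entries."""
    for raw in text.splitlines():
        m = ACE_RE.match(raw)
        if m:
            yield Ace(m["acl"], int(m["line"]), m["rule"], int(m["hits"]), bool(m["indent"]))

def zero_hit_report(text):
    """Return (unused configured rules, idle expanded entries under rules that do get hits)."""
    aces = list(parse_aces(text))
    parent_hits = {(a.acl, a.line): a.hitcnt for a in aces if not a.expanded}
    unused = [a for a in aces if not a.expanded and a.hitcnt == 0]
    idle = [a for a in aces
            if a.expanded and a.hitcnt == 0 and parent_hits.get((a.acl, a.line), 0) > 0]
    return unused, idle

if __name__ == "__main__":
    unused, idle = zero_hit_report(SAMPLE)
    for a in unused:
        print(f"UNUSED  {a.acl} line {a.line}: {a.rule}")
    for a in idle:
        print(f"IDLE    {a.acl} line {a.line}: {a.rule}")
```

Hit counters start again from zero after a reload or when the counters are cleared, so a zero-hit rule should be judged against a known observation window before it is removed.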
06-15-2015 08:35 AM
Thanks