06-15-2023 10:08 AM - edited 06-15-2023 10:56 AM
OK, been looking at ASA FW Rules and we have a LOT of rules with Zero Hits. Can I safely remove these? Doing a system cleanup and hit counters have not been cleared for a very long time.
06-15-2023 10:22 AM
@jroy777 yes, you should be able to remove these if you are confident they are not required. Before you clear the rules down, take a backup to be on the safe side. I'd also personally just confirm the hit counters are actually increasing on active rules, just in case there might be a bug where the hit counters don't work!!
06-15-2023 10:27 AM
You use syslog server?
If yes, then add log to the ACL you want to delete, then monitor the log; if you don't see any log for one week or more, then you can safely remove it.
But as @Rob Ingram mentioned, take a backup of the config before starting this process.
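As an added example (not posted by anyone in this thread), the following Python script combines the two checks suggested above: it compares two `show access-list` snapshots to confirm that hit counters are actually moving on active rules, and it cross-references the ACE hash codes against `%ASA-6-106100` syslog messages collected during the monitoring week, so an ACE is only reported as a removal candidate if it has zero hits in both snapshots and never appeared in syslog. The snapshot and syslog lines are constructed sample data, and both regexes approximate the real ASA output formats, so adjust them against your own `show access-list` output and syslog export before relying on the results.

```python
import re
from collections import defaultdict

# Approximates one ACE line of `show access-list`:
#   access-list NAME line N <ace body> (hitcnt=N) 0xHASH
ACE_RE = re.compile(
    r"^access-list (?P<acl>\S+) line (?P<line>\d+) (?P<body>.*?) "
    r"\(hitcnt=(?P<hits>\d+)\)(?: (?P<hash>0x[0-9a-fA-F]+))?\s*$"
)
# Approximates the %ASA-6-106100 message produced by an ACE with the log keyword;
# the first hex value in the trailing brackets is the ACE hash code.
SYSLOG_RE = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) (?:permitted|denied|est-allowed) "
    r".*?\[(?P<hash>0x[0-9a-fA-F]+), 0x[0-9a-fA-F]+\]"
)

# Constructed sample data: two snapshots a week apart plus the syslog from that week.
SNAPSHOT_DAY1 = """\
access-list OUTSIDE_IN line 1 extended permit tcp any host 10.1.1.5 eq 443 (hitcnt=1523) 0x1a2b3c4d
access-list OUTSIDE_IN line 2 extended permit tcp any host 10.1.1.6 eq 22 (hitcnt=0) 0x5e6f7a8b
access-list OUTSIDE_IN line 3 extended permit udp any host 10.1.1.7 eq 53 (hitcnt=0) 0x9c0d1e2f
access-list OUTSIDE_IN line 4 extended deny ip any any (hitcnt=88) 0x33445566
"""
SNAPSHOT_DAY8 = """\
access-list OUTSIDE_IN line 1 extended permit tcp any host 10.1.1.5 eq 443 (hitcnt=1790) 0x1a2b3c4d
access-list OUTSIDE_IN line 2 extended permit tcp any host 10.1.1.6 eq 22 (hitcnt=0) 0x5e6f7a8b
access-list OUTSIDE_IN line 3 extended permit udp any host 10.1.1.7 eq 53 (hitcnt=2) 0x9c0d1e2f
access-list OUTSIDE_IN line 4 extended deny ip any any (hitcnt=101) 0x33445566
"""
SYSLOG_WEEK = """\
Jun 16 2023 03:12:07 fw01 : %ASA-6-106100: access-list OUTSIDE_IN permitted udp outside/203.0.113.9(40123) -> inside/10.1.1.7(53) hit-cnt 1 first hit [0x9c0d1e2f, 0x0]
Jun 17 2023 09:40:51 fw01 : %ASA-6-106100: access-list OUTSIDE_IN permitted udp outside/203.0.113.9(40124) -> inside/10.1.1.7(53) hit-cnt 1 first hit [0x9c0d1e2f, 0x0]
"""


def parse_show_access_list(text):
    """Map (acl, line) -> {'body', 'hits', 'hash'} from `show access-list` output."""
    aces = {}
    for raw in text.splitlines():
        m = ACE_RE.match(raw.strip())
        if m:
            aces[(m["acl"], int(m["line"]))] = {
                "body": m["body"], "hits": int(m["hits"]), "hash": m["hash"]}
    return aces


def hashes_seen_in_syslog(lines):
    """Count 106100 messages per ACE hash code over the monitoring window."""
    seen = defaultdict(int)
    for raw in lines:
        m = SYSLOG_RE.search(raw)
        if m:
            seen[m["hash"]] += 1
    return seen


def counters_are_moving(before, after):
    """Sanity check: at least one ACE's hitcnt increased between the two snapshots."""
    return any(after[k]["hits"] > before[k]["hits"] for k in before if k in after)


def removal_candidates(before, after, syslog_lines):
    """ACEs with zero hits in both snapshots and no 106100 entries in the window."""
    seen = hashes_seen_in_syslog(syslog_lines)
    out = []
    for key, ace in after.items():
        was_zero = before.get(key, ace)["hits"] == 0
        if ace["hits"] == 0 and was_zero and seen.get(ace["hash"], 0) == 0:
            out.append((key[0], key[1], ace["body"]))
    return sorted(out)


if __name__ == "__main__":
    before = parse_show_access_list(SNAPSHOT_DAY1)
    after = parse_show_access_list(SNAPSHOT_DAY8)
    if not counters_are_moving(before, after):
        print("WARNING: no hit counter increased; do not trust hitcnt=0 for cleanup")
    for acl, line, body in removal_candidates(before, after, SYSLOG_WEEK.splitlines()):
        print(f"candidate: access-list {acl} line {line} {body}")
```

In the constructed data, line 3 shows why the counter alone is not enough to judge a rule as dead: it had zero hits in the first snapshot but is active by the end of the week, so only line 2 is reported. Keep the pre-cleanup config backup alongside the two snapshots so the removal decision can be audited later.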
06-15-2023 11:26 AM
Hi,
I'd recommend using ASDM, which allows you to easily disable rules by unchecking each rule. You can also view when each rule was last hit. You can also get a CSV export of your rules via ASDM.