10-14-2011 07:20 AM - edited 03-11-2019 02:37 PM
Hello GURUS!
I have a PIX with 600 active access rules but many rules aren't in use.
A lot of the rules aren't necessary anymore but I don't know what they are.
How can I know which rules are working?
Thank you all!!
10-14-2011 07:35 AM
The easiest way is to look at the hits on the access-list entries, i.e. sh access-list
You may want to clear the counters and then leave for a while to see which lines are being used, i.e.
clear access-list
Jon
10-14-2011 07:48 AM
Hi,
What you are trying to do is a very tough thing, the best thing that I can think of is, use:
clear counters all
after this do:
show access-list
and monitor the hitcounts regularly for 3-4 days.
ACLs on which you do not see any hits incrementing, you can chuck them out.
Hope that helps.
Thanks,
Varun
10-17-2011 07:17 AM
Hi Varun,
Do you know if there is a way to count these hitcounts by any SNMP MIB OID?
I could make a table or graphic directly with this option.
Thank you!
10-17-2011 08:03 AM
I tried to look for it but there doesn't seem to be any MIB for access-list hitcount.
Varun
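
An added example, not part of any post in this thread: one way to do the comparison described above without SNMP is to save the `show access-list` output twice, a few days apart, and diff the hit counters with a script. The sample output below is constructed, and the `line N ... (hitcnt=N)` layout is assumed to match what the device prints.

```python
import re

# One ACE line of "show access-list" output, for example:
#   access-list acl_out line 3 permit tcp any host 192.0.2.10 eq www (hitcnt=42)
ACE_RE = re.compile(
    r"^\s*access-list\s+(?P<acl>\S+)\s+line\s+\d+\s+"
    r"(?P<rule>.*?)\s+\(hitcnt=(?P<hits>\d+)\)"
)

def parse_hitcounts(output):
    """Return {(acl_name, rule_text): hitcnt} for every ACE line found."""
    counts = {}
    for raw in output.splitlines():
        m = ACE_RE.match(raw)
        if m:  # header and remark lines carry no hitcnt and are skipped
            # Key on rule text, not line number: line numbers shift on edits.
            counts[(m.group("acl"), m.group("rule"))] = int(m.group("hits"))
    return counts

def unused_rules(before, after):
    """Rules seen in both snapshots whose counter gained no hits in between."""
    old, new = parse_hitcounts(before), parse_hitcounts(after)
    unused = []
    for key, hits in new.items():
        if key not in old:
            continue  # rule added after the first snapshot: not enough data
        # A lower value means the counters were cleared or the box reloaded,
        # so everything counted since then is new traffic.
        delta = hits - old[key] if hits >= old[key] else hits
        if delta == 0:
            unused.append(key)
    return sorted(unused)

# Constructed sample snapshots (addresses are documentation ranges).
BEFORE = """\
access-list acl_out; 3 elements
access-list acl_out line 1 permit tcp any host 192.0.2.10 eq www (hitcnt=120)
access-list acl_out line 2 permit tcp any host 192.0.2.11 eq smtp (hitcnt=7)
access-list acl_out line 3 permit udp any host 192.0.2.12 eq domain (hitcnt=0)
"""
AFTER = """\
access-list acl_out; 3 elements
access-list acl_out line 1 permit tcp any host 192.0.2.10 eq www (hitcnt=450)
access-list acl_out line 2 permit tcp any host 192.0.2.11 eq smtp (hitcnt=7)
access-list acl_out line 3 permit udp any host 192.0.2.12 eq domain (hitcnt=0)
"""

if __name__ == "__main__":
    for acl, rule in unused_rules(BEFORE, AFTER):
        print(f"no new hits: access-list {acl} {rule}")
```

The per-snapshot dictionaries from `parse_hitcounts` can also be written out with a timestamp to build the table or graph asked about above.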