Re: Delete bulk objects in ASA FW

ManafAlKadhar71884 · ‎06-15-2020

Hello everyone,

We have ASA FW 5500 with over 300 unused objects, these objects are network objects as FQDN and they dont exist in the network, hence, the FW doing DNS lookup for all of them, and our syslog server getting full with sys log msgs of timeout.

How can I delete these hosts (Objects) in bulk ? please note that many if not all of them are parts of groups and / or used in policies. as of now, I need to look for the object, and locate what group is its in, remove it from the group and remove it from the policy and only then I can delete this object.

is there a better way to delete all this objects ?

Can I remove the object from all groups or rules via CLI ? what commands should i use?

One more thing, I use ASDM to delete the object, when I use CLI "

no object network MyComputer

I always get the object does not exist although its there and I was able to delete it from ASDM.

Regards,

Marvin Rhoads · ‎06-15-2020

I've often used the cleanup tool at tunnelsup.com. I run it 2-3 times iteratively and it provides the cli to remove the unused objects and groups based on analysis of the running-config.

For FQDNs that are part of an otherwise valid group that's in use it might not work but for outright unused groups with associated objects it should work fine.