Finding and removing unused objects in FMC

Keith Miller
Level 1

Was looking for a way to find and remove unused objects in the FMC (6.2.2) like you could with ASAs in ASDM. Is there really no way to do this?

Every other day I find some annoying little thing about the FMC and FTDs...

Regards,

Keith

Accepted Solutions

Marvin Rhoads
Hall of Fame

Sorry but there's no utility, either built-in or external, that currently allows you to do that.

11 Replies

Thanks for confirming what I was afraid of @Marvin Rhoads. :sigh:

diparma
Cisco Employee

Keith, using the migration tool we have, we can remove unused objects while migrating from PAN/ASA/Checkpoint to FTD.

As of Firepower 6.4, we now have the "Where used" feature. It's not 100% of what we need but a step in the right direction.

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/relnotes/firepower-release-notes-640/features.html

View object use

The object manager now allows you to see the policies, settings, and other objects where a network, port, VLAN, or URL object is used.

New/modified screens: Objects > Object Management > choose object type > Find Usage (binoculars) icon

Supported platforms: FMC

Jack G
Level 1

Wonder if it makes more sense to show the icon if it's actually in use. Perhaps it would require additional processing and slow down the interface.

Hyperion0000
Level 1

I realize this is a super old thread, but it popped up in Google. I figured I might be able to help someone else. I'm currently on 7.2.0.1 and there is a check-box under network objects to "Show unused objects".

Technically speaking (on older versions) FMC will not allow you to delete an object that is being used.  So you should be able to just try to delete all objects and it will stop you on the objects that are used.

JoshfromPHX
Level 1

Does anyone know if we can bulk-remove unused network objects on the FMC? 

Not exactly in bulk, but current versions (7.0+) allow us to filter the object list to show only unused objects. You can then hit the trash icon for any user-defined unused objects. (System-defined objects must remain in FMC but are not deployed to managed devices until they are used.)

[Image: FMC Unused Objects]

Maybe one day we can click on "Show Unused Objects" and then select all > delete. That would be what we are looking for here. Thank you Marvin. 

baab66
Level 1

Ctrl-select all unused objects and right-click to delete is an option to remove all unused objects from FMC.

Thank you for posting that, saved me some time!! ~M
