Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
770
Views
3
Helpful
5
Replies

How to delete hundreds of Unused lines - ASA

Bonnie
Level 1
Level 1

‎05-29-2023 10:32 AM

I receive a list of unused rules (hundereds of unused rules) that needs to be deleted from the ASA

I can't seem to find any help on this topic, Is this really a mostly manual process? Please is someone able to share a less painful way of executing this task?

This includes having to remove "hosts" from object-groups.

Appreciate any direction here please

Regards,

Bonnie

0 Helpful
5 Replies 5

MHM Cisco World
VIP
VIP

‎05-29-2023 11:55 AM

Reset factory' if config need to clean up more more than config need to keep.

Note:- take a backup config before do any change.

0 Helpful

Sheraz.Salim
VIP
VIP

‎05-29-2023 01:57 PM - edited ‎05-29-2023 02:11 PM

I assume this must be production network. if this is the case take extra care doing anything manual. must have a change control in place. If you using ASDM you can view the object/object-group if its used or not used (not required anymore as in your case).

to see what is "Not Used" you go (ASDM) into the "Configuration, Firewall" section and make sure you have turned on "View, Addresses". You should then see the "Not Used". This will display a new pop up windows list of not used object network/object-group you can delete them as it will give you the check list to select.

Not_used.PNG

please do not forget to rate.
0 Helpful

Bonnie
Level 1
Level 1
In response to Sheraz.Salim

‎05-30-2023 08:12 AM

Hi Sheraz, thank you for your reply. This however relates more to just deleting the objects/network groups. My task is to delete unused rules on the ASA (hundreds of them). These are sent to me in an Excel sheet format.

Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-29-2023 07:56 PM

Plus 1 on @Flavio Miranda 's recommendation. I have used this tool for years without any problem. It generates a snippet of config that you can easily paste in cli to remove the unused object, groups etc. After running it and doing the cleanup, run it again with the updated config - often secondary lines will appear based on having removed the first instance.  (Sometimes even a third time - basically re-run it until it come up clean in the tool.)

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card