04-28-2022 05:20 AM
Hi,
I started a new job and the firewall was left untouched, especially the access-lists, and it's really huge, which I can't clean one by one. So, I was wondering if there is any option through ASDM to remove unused access-lists for a certain period of time (just like Palo Alto, where you can remove an access-list if it's not used for a month or 3 months)?
04-28-2022 06:30 AM
follow
04-29-2022 01:12 PM
I think since there are no replies then I can presume that ASDM doesn't have an option like this?
05-02-2022 01:33 AM
There's not a direct feature like that.
I presume you are talking about ACL entries vs. entire ACLs.
What I usually do is first run the entire config through a tool like tunnelsup.com or Cisco CLI analyzer. That allows you to identify and remove unused ACLs and objects altogether.
After that, identify ACL entries with zero hit counts and mark them inactive. If there's no issue with end users or services after a time that's suitable for your environment, then you can remove those entries.
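The "zero hit count, mark inactive" step above can be scripted instead of done by hand. The following is an added example written for this thread, not a Cisco or ASDM feature: it parses pasted `show access-list` output, keeps only the un-indented parent lines (indented lines are object-group expansions whose counts roll up into the parent), skips remarks and entries already marked inactive, and emits the config-mode commands that disable the remaining zero-hit entries in place. The sample output is constructed, and the line layout it expects (`(hitcnt=N)` after the ACE body, `(inactive)` on disabled entries, a trailing hex hash) is an assumption based on typical ASA output; compare it with your own firewall before relying on the parse.

```python
"""Find ACL entries (ACEs) with zero hit counts in Cisco ASA `show access-list`
output and generate the commands that mark them `inactive`.

Added example for this thread, not a Cisco tool. The line format below is an
assumption based on typical ASA output; verify against your own device.
"""
import re
from dataclasses import dataclass

# Constructed sample of `show access-list` output (not taken from the thread).
SAMPLE_SHOW_ACCESS_LIST = """\
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
            alert-interval 300
access-list outside_in; 5 elements; name hash: 0x1a2b3c4d
access-list outside_in line 1 remark Web servers
access-list outside_in line 2 extended permit tcp any host 192.0.2.10 eq 443 (hitcnt=48213) 0x11111111
access-list outside_in line 3 extended permit tcp any object-group WEB_SRV eq 80 (hitcnt=0) 0x22222222
  access-list outside_in line 3 extended permit tcp any host 192.0.2.20 eq 80 (hitcnt=0) 0x33333333
  access-list outside_in line 3 extended permit tcp any host 192.0.2.21 eq 80 (hitcnt=0) 0x44444444
access-list outside_in line 4 extended permit tcp any host 192.0.2.11 eq 22 (hitcnt=0) 0x55555555 (inactive)
access-list outside_in line 5 extended deny ip any any log (hitcnt=917) 0x66666666
access-list dmz_out; 1 elements; name hash: 0x5e6f7a8b
access-list dmz_out line 1 extended permit udp any any eq 53 (hitcnt=0) 0x77777777
"""


@dataclass
class Ace:
    acl: str        # ACL name
    line: int       # ASA line number within the ACL
    kind: str       # extended / standard / webtype / ethertype
    body: str       # e.g. "permit tcp any host 192.0.2.10 eq 443" (object-group names kept)
    hitcnt: int     # matches since the last reload or counter clear
    inactive: bool  # already disabled on the firewall


# One ACE line: hit count follows the body; the trailing hash is ignored.
ACE_RE = re.compile(
    r"^access-list (?P<acl>\S+) line (?P<line>\d+) "
    r"(?P<kind>extended|standard|webtype|ethertype) "
    r"(?P<body>.*?)\s+\(hitcnt=(?P<hits>\d+)\)"
)


def parse_show_access_list(text):
    """Return the parent ACEs found in `show access-list` output."""
    aces = []
    for raw in text.splitlines():
        if raw != raw.lstrip():
            # Indented lines are object-group expansions; the un-indented
            # parent line already carries their combined hit count.
            continue
        m = ACE_RE.match(raw)
        if not m:
            continue  # header lines, cache stats, remarks
        aces.append(Ace(
            acl=m["acl"], line=int(m["line"]), kind=m["kind"],
            body=m["body"].strip(), hitcnt=int(m["hits"]),
            inactive="(inactive)" in raw,
        ))
    return aces


def unused_aces(aces):
    """Entries that never matched traffic and are not already disabled."""
    return [a for a in aces if a.hitcnt == 0 and not a.inactive]


def inactive_commands(aces):
    """Config-mode commands that disable each unused ACE in place.

    Re-entering the ACE with its `line N` and the `inactive` keyword keeps
    its position in the ACL, so it can be re-enabled (or removed) later.
    """
    return [f"access-list {a.acl} line {a.line} {a.kind} {a.body} inactive"
            for a in unused_aces(aces)]


if __name__ == "__main__":
    parsed = parse_show_access_list(SAMPLE_SHOW_ACCESS_LIST)
    print(f"{len(parsed)} ACEs parsed, {len(unused_aces(parsed))} unused")
    for cmd in inactive_commands(parsed):
        print(cmd)
```

Hit counters are cumulative only since the last reload or `clear access-list counters`, so check the device uptime before treating a zero as "never used"; a rule that only serves a quarterly job will show zero until that job runs, which is exactly why the answer suggests an inactive period before deletion rather than removing straight away.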