1025 Views | 15 Helpful | 3 Replies

Remove dormant access-list from the ASA ASDM

saifMH84
Level 1

Hi, 

I started a new job and the firewall was left untouched, especially the access-lists, and it's really huge, which I can't clean one by one. So I was wondering if there is any option through ASDM to remove unused access-lists for a certain period of time (just like Palo Alto, where you can remove an access-list if it's not used for a month or 3 months)?

3 Replies

saifMH84
Level 1

I think since there are no replies then I can presume that ASDM doesn't have an option like this?

There's not a direct feature like that.

I presume you are talking about ACL entries vs. entire ACLs.

What I usually do is first run the entire config through a tool like tunnelsup.com or Cisco CLI analyzer. That allows you to identify and remove unused ACLs and objects altogether.

After that, identify ACL entries with zero hit counts and mark them inactive. If there's no issue with end users or services after a time that's suitable for your environment then you can remove those entries.
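The two-phase cleanup described in the reply above (mark zero-hit entries inactive, wait, then remove the ones that stayed inactive without complaint) can be scripted against the text of `show access-list`. The following is an added example, not code from the thread or from Cisco: it parses a constructed sample of the output, skips remarks and the indented per-member expansion lines of object-group entries (those are not configuration lines), lists the ACEs with `hitcnt=0`, and prints the CLI needed for each phase. The sample output and ACL names are made up; check the generated commands against your own device before pasting them, since exact `show access-list` formatting varies slightly between ASA releases.

```python
import re
from typing import List, NamedTuple

# Constructed sample of `show access-list` output (not taken from the thread).
# The indented lines are the expansion of the object-group ACE on line 3 and
# are not themselves configuration lines, so the parser ignores them.
SAMPLE_SHOW_ACCESS_LIST = """\
access-list outside_in; 4 elements; name hash: 0x1a2b3c4d
access-list outside_in line 1 remark Web tier
access-list outside_in line 2 extended permit tcp any host 10.1.1.10 eq 443 (hitcnt=1523) 0x11111111
access-list outside_in line 3 extended permit tcp any object-group LEGACY_SRV eq 22 (hitcnt=0) 0x22222222
  access-list outside_in line 3 extended permit tcp any host 10.1.1.11 eq 22 (hitcnt=0) 0x33333333
  access-list outside_in line 3 extended permit tcp any host 10.1.1.12 eq 22 (hitcnt=0) 0x44444444
access-list outside_in line 4 extended deny ip any any log (hitcnt=0) 0x55555555
access-list dmz_out; 1 elements; name hash: 0x5e6f7a8b
access-list dmz_out line 1 extended permit udp any any eq 53 (hitcnt=0) (inactive) 0x66666666
"""

# One top-level ACE line: name, line number, the ACE body, its hit counter and
# whatever follows (the "(inactive)" marker, if present, and the ACE hash).
ACE_RE = re.compile(
    r"^access-list (?P<acl>\S+) line (?P<line>\d+) (?P<body>extended .+?)\s+"
    r"\(hitcnt=(?P<hits>\d+)\)(?P<tail>.*)$"
)


class Ace(NamedTuple):
    acl: str
    line: int
    body: str       # running-config form without the trailing "inactive"
    hits: int
    inactive: bool


def parse_show_access_list(text: str) -> List[Ace]:
    """Return every top-level ACE found in `show access-list` output."""
    aces = []
    for raw in text.splitlines():
        if raw != raw.lstrip():
            continue                      # object-group expansion line
        m = ACE_RE.match(raw)
        if not m:
            continue                      # summary header or remark line
        body = m.group("body")
        inactive = "(inactive)" in m.group("tail")
        if body.endswith(" inactive"):    # some releases print it inside the body
            body, inactive = body[: -len(" inactive")], True
        aces.append(Ace(m.group("acl"), int(m.group("line")), body,
                        int(m.group("hits")), inactive))
    return aces


def zero_hit_aces(text: str) -> List[Ace]:
    """Phase-1 candidates: entries that have never matched traffic."""
    return [a for a in parse_show_access_list(text) if a.hits == 0]


def deactivate_commands(aces: List[Ace]) -> List[str]:
    """Phase 1: re-enter each still-active zero-hit ACE with the `inactive` keyword."""
    return [f"access-list {a.acl} {a.body} inactive" for a in aces if not a.inactive]


def remove_commands(aces: List[Ace]) -> List[str]:
    """Phase 2: delete entries that were already deactivated and caused no complaints."""
    return [f"no access-list {a.acl} {a.body} inactive" for a in aces if a.inactive]


if __name__ == "__main__":
    candidates = zero_hit_aces(SAMPLE_SHOW_ACCESS_LIST)
    print("! zero-hit entries found:")
    for a in candidates:
        print(f"!   {a.acl} line {a.line}: {a.body} (inactive={a.inactive})")
    print("! phase 1 - mark inactive:")
    print("\n".join(deactivate_commands(candidates)))
    print("! phase 2 - remove after the observation period:")
    print("\n".join(remove_commands(candidates)))
```

Two things worth keeping in mind when reading the output: hit counters are reset by a reload or by `clear access-list counters`, so a zero count only says something if the firewall has been up, with counters untouched, for longer than the traffic cycle you care about (month-end jobs included), and a trailing explicit `deny ip any any log` with zero hits is usually there on purpose for logging rather than being unused, so review the candidate list by hand rather than pasting it blindly.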
