Security Audit of a Cisco ASA Configuration

Damien1
Level 1

Good Day,

This is my first post here and I hope that this is the correct location for this question.

There are multiple questions similar to the question I will pose. I have searched for hours and found nothing that answers what I believe to be a straight forward question.

Many of the discussions seem to “not” answer the question; instead the discussion seems to take a turn away from the question altogether. Thus, I ask that you excuse what may appear to be a broken-record question, which is as follows. If possible, it would be appreciated to avoid the need for a manual inspection of thousands of lines.

Note: I am not a Network Engineer. I have a different role within the company, although technical, and this is one of the projects currently at hand.

Question:

Does Cisco have any software for purchase or already embedded into the Cisco ASA appliance which can be used to perform a fairly in depth audit of the configuration? Can the ASDM perform these tasks and provide a professional looking report with clearly articulated action items?

The objective is to include, but is not limited to, identifying any of the following.

  • Outdated firewall access rules
  • Outdated NAT rules
  • Outdated encryption protocols
  • Unneeded VPN tunnels
  • Unneeded user accounts
  • Unneeded SNMP Servers
  • Disabled or insufficient logging
  • Duplicate Rules
  • Overlapping Rules
  • Redundant Rules
  • Unused Rules
  • Insecure Rules (for lack of better terms)
  • Outdated configuration

If there is no adequate Cisco-owned software, are there any respectable third-party companies which provide an application (as opposed to coming on-site)? The application would provide an easy-to-use, professional interface and output equally professional reports with clearly articulated action items.

The reports would go to management and to the IT director's shop to address the findings as either accepted configurations or corrections submitted to the change board.

Thank you for your time in advance.


Damien
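The finding classes listed in the question (duplicate, unused and overly permissive rules, outdated crypto, SNMP and management-plane settings, missing logging) can be checked mechanically from a saved running-config. The script below is an added illustration of such checks written for this thread; it is not a Cisco feature, not ASDM output and not any vendor product. The configuration it parses is a constructed sample embedded in the file, the ACL-reference rule (only `access-group` and crypto-map `match address` count as consumers) is a deliberate simplification, and the "weak" IKEv1 settings are this example's own threshold, not a Cisco baseline.

```python
"""Added example: audit a Cisco ASA running-config for common findings.

Parses a text config (a constructed sample is embedded below) and reports
duplicate ACL entries, ACLs defined but never applied, permit-any rules,
weak IKEv1 policy settings, SNMP v1/v2c and default community strings,
cleartext management access, and logging that is not enabled.
"""
import re
from collections import Counter

# Constructed sample configuration for this example; not from a real device.
SAMPLE_CONFIG = """\
hostname asa-edge
access-list OUTSIDE_IN extended permit tcp any host 203.0.113.10 eq 443
access-list OUTSIDE_IN extended permit tcp any host 203.0.113.10 eq 443
access-list OUTSIDE_IN extended permit ip any any
access-list OLD_DMZ extended permit tcp any any eq 80
access-list VPN_TRAFFIC extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
access-group OUTSIDE_IN in interface outside
crypto map OUTSIDE_MAP 10 match address VPN_TRAFFIC
crypto ikev1 policy 10
 authentication pre-share
 encryption des
 hash md5
 group 2
 lifetime 86400
snmp-server host inside 192.0.2.50 community public version 2c
snmp-server community public
ssh version 1
telnet 192.0.2.0 255.255.255.0 inside
"""

# Thresholds chosen for this example (assumption, not a vendor baseline).
WEAK_IKE = {"encryption": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}
DEFAULT_COMMUNITIES = {"public", "private"}


def audit_asa_config(text: str) -> list:
    """Return a list of (category, detail) findings for an ASA config text."""
    findings = []
    # Keep leading whitespace: indented lines belong to the preceding block.
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]

    # --- access-list checks ---------------------------------------------
    acl_lines = [ln for ln in lines if ln.startswith("access-list ")]
    for entry, count in Counter(acl_lines).items():
        if count > 1:
            findings.append(("duplicate-rule", entry))
    for ln in acl_lines:
        # "permit ip any any" (or any4/any6) allows all traffic on the interface.
        if re.search(r"\bpermit ip any[46]? any[46]?\b", ln):
            findings.append(("insecure-rule", ln))

    defined = {ln.split()[1] for ln in acl_lines}
    referenced = set()
    for ln in lines:
        # Simplification: only access-group bindings and crypto-map
        # "match address" are treated as consumers of an ACL name.
        m = re.match(r"access-group (\S+) ", ln)
        if m:
            referenced.add(m.group(1))
        m = re.search(r"match address (\S+)", ln)
        if m:
            referenced.add(m.group(1))
    for name in sorted(defined - referenced):
        findings.append(("unused-acl", name))

    # --- IKEv1 policy crypto checks -------------------------------------
    policy = None
    for ln in lines:
        m = re.match(r"crypto ikev1 policy (\d+)", ln)
        if m:
            policy = m.group(1)
            continue
        if policy and ln.startswith(" "):
            parts = ln.split()
            if len(parts) == 2 and parts[1] in WEAK_IKE.get(parts[0], ()):
                findings.append(("outdated-crypto", f"ikev1 policy {policy}: {ln.strip()}"))
        else:
            policy = None  # left the indented policy block

    # --- SNMP, management plane, logging --------------------------------
    for ln in lines:
        if ln.startswith("snmp-server") and "community" in ln:
            m = re.search(r"community (\S+)", ln)
            if m and m.group(1) in DEFAULT_COMMUNITIES:
                findings.append(("snmp-default-community", ln))
            if re.search(r"version (1|2c)\b", ln):
                findings.append(("snmp-weak-version", ln))
        if ln.startswith("ssh version 1"):
            findings.append(("outdated-protocol", ln))
        if ln.startswith("telnet "):
            findings.append(("cleartext-management", ln))
    if "logging enable" not in lines:
        findings.append(("logging-disabled", "no 'logging enable' in config"))

    return findings


def findings_by_category(text: str) -> dict:
    """Group findings into {category: [details]} for a report."""
    grouped = {}
    for category, detail in audit_asa_config(text):
        grouped.setdefault(category, []).append(detail)
    return grouped


if __name__ == "__main__":
    for category, items in sorted(findings_by_category(SAMPLE_CONFIG).items()):
        print(f"[{category}]")
        for item in items:
            print(f"  {item}")
```

Run it against a config saved with `show running-config`; each category maps to one of the bullet points above (duplicate, insecure and unused rules, outdated crypto, SNMP, logging). Overlapping and redundant rules, which need address-range containment logic rather than text matching, are what the commercial tools mentioned in this thread add on top of checks like these.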

1 Reply

balaji.bandi
Hall of Fame

Not sure Cisco has an inbuilt tool like this (as far as I am aware). Have you looked at software called Tufin?

https://www.tufin.com/


Make sense?

BB
