07-23-2012 09:07 AM - edited 03-11-2019 04:33 PM
Hello,
I have a pair of ASA 5540s running 8.4 code. The firewall set has about 4500 rules. I am tasked to identify all unused/idle/inactive rules in the past 3 months.
Would anyone know of a quick way (CLI or CSM) to identify or list such rules? I will be grateful for any tip.
Thanks
Bo
07-23-2012 09:56 AM
Check for rules with a hitcount of 0. If the access-list hitcount has not been cleared for a long time, or the ASA hasn't been reloaded for a while, then an ACL with a hitcount of 0 is a clear indication that it has been inactive or not used.
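The hitcount check above is easy to automate against the text of `show access-list`. The script below is an added example, not code from the thread or from Cisco: it assumes the 8.x output format as I remember it (one ACE per line ending in a hash, object-group ACEs expanded into indented child lines with their own hitcnt), and the sample output is constructed, not captured from the poster's firewalls. As the reply notes, the result only means anything if the counters have not been cleared and the box has not reloaded within the window you care about.

```python
import re

# One ACE line of ASA "show access-list" output (8.x format, assumed from
# memory, not quoted from the thread). Remark lines have no hash and are skipped.
ACE_RE = re.compile(
    r"^(?P<indent>\s*)access-list\s+(?P<acl>\S+)\s+line\s+(?P<line>\d+)\s+"
    r"(?P<ace>.*?)(?:\s+\(hitcnt=(?P<hits>\d+)\))?(?:\s+\(inactive\))?"
    r"\s+0x[0-9a-fA-F]+\s*$"
)

def parse_show_access_list(text):
    """Map (acl, line) -> {"ace", "hits", "inactive"}. Object-group ACEs print as
    an unindented parent with no counter plus indented expansions that each carry
    a hitcnt; those are summed, so a rule is unused only if every expansion is 0."""
    rules = {}
    for raw in text.splitlines():
        m = ACE_RE.match(raw)
        if not m:
            continue  # banner, element counts, remark lines
        key = (m.group("acl"), int(m.group("line")))
        entry = rules.setdefault(key, {"ace": "", "hits": 0, "inactive": False})
        if not m.group("indent"):
            entry["ace"] = m.group("ace")  # the rule as configured
        if m.group("hits") is not None:
            entry["hits"] += int(m.group("hits"))
        if "(inactive)" in raw:
            entry["inactive"] = True
    return rules

def unused_rules(text):
    """Return [(acl, line, ace)] for rules whose counters are all zero."""
    return [(acl, line, e["ace"])
            for (acl, line), e in sorted(parse_show_access_list(text).items())
            if e["hits"] == 0]

# Constructed sample output, not a capture from the poster's firewalls.
SAMPLE = """\
access-list outside_in; 5 elements; name hash: 0x1a2b3c4d
access-list outside_in line 1 remark Web servers
access-list outside_in line 2 extended permit tcp any host 192.0.2.10 eq www (hitcnt=1532) 0x5f3c2a1b
access-list outside_in line 3 extended permit tcp any object-group WEB_SERVERS eq https 0x9d8e7f6a
  access-list outside_in line 3 extended permit tcp any host 192.0.2.10 eq https (hitcnt=0) 0x1234abcd
  access-list outside_in line 3 extended permit tcp any host 192.0.2.11 eq https (hitcnt=42) 0x2345bcde
access-list outside_in line 4 extended permit tcp any host 192.0.2.12 eq ssh (hitcnt=0) 0x3456cdef
access-list outside_in line 5 extended permit udp any host 192.0.2.13 eq ntp (hitcnt=0) (inactive) 0x4567def0
access-list outside_in line 6 extended deny ip any any (hitcnt=9021) 0xabcdef01
"""
```

Save the real `show access-list` output to a file and pass its contents to `unused_rules()`; on the sample, line 3 stays out of the list because one of its expansions has been hit, while lines 4 and 5 are reported.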
07-23-2012 12:58 PM
We featured this question on our Facebook page. Check out some of the responses here. http://www.facebook.com/CiscoSupportCommunity/posts/426400164068512
---
Posted by WebUser Cisco NetPro from Cisco Support Community App