Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1431
Views
0
Helpful
2
Replies

unused/idle/inactive ASA 8.4 rules

bghobadi2
Level 1
Level 1

‎07-23-2012 09:07 AM - edited ‎03-11-2019 04:33 PM

Hello,

I have a pair of ASA 5540 running 8.4 code. The firewall set has about 4500 rules. I am tasked to identify all unused/idel/inactive rules in the past 3 months .

Would any one know of a quick way (CLI or CSM) to identify or list such rules? I will grateful for any tip?

Thanks

Bo                 

Labels:
0 Helpful
2 Replies 2

Jennifer Halim
Cisco Employee
Cisco Employee

‎07-23-2012 09:56 AM

Check for the rule with hitcount of 0, if the access-list hitcount has never been cleared for a long time or the ASA hasn't been reloaded for a while, then ACL with hitcount of 0 is a clear indication that it has been inactive or not used.

0 Helpful

fb_webuser
Level 6
Level 6

‎07-23-2012 12:58 PM

We featured this question on our Facebook page. Check out some of the responses here. http://www.facebook.com/CiscoSupportCommunity/posts/426400164068512

---

Posted by WebUser Cisco NetPro from Cisco Support Community App

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card