07-20-2011 03:20 AM - edited 03-11-2019 02:01 PM
Hi All,
Can one use ASDM to detect unused (redundant, orphaned and shadowed) rules?
Thanks
07-20-2011 10:24 PM
If by "unused" you mean configured active rules that are not matching any traffic, absolutely, you can see if the rules are being hit. That's what I do, I clear the hit counters and if after a couple of days a particular rule is still showing no hits, then I mark that rule as "inactive". If somebody complains then I put that rule back in active. If nobody complains then I can delete that rule.
About detecting redundant rules, you can do that with Cisco CSM. There are also several software solutions in the market that perform firewall rule analysis.
07-20-2011 03:40 AM
Hi Damdjo,
In the ASDM, under access-rules, you can check the inactive ACLs. The ones which do not have a check mark in front of them are the ones which are not being used and are inactive. You can check it from the CLI as well, by doing:
show access-list
The inactive ACLs would have the keyword "inactive" in front of them.
Thanks,
Varun
07-20-2011 08:05 PM
CLI can be done a little easier with:
show access-list | in inactive
to only show the lines containing "inactive"
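Putting the two approaches from the answers above together (the `inactive` keyword in `show access-list`, and the hit counters that show whether an active rule has matched anything since `clear access-list counters`), here is an added example that is not part of the original thread: a small Python script that parses saved `show access-list` output offline and reports, per ACL, which ACEs are already inactive and which are active but have never been hit. The sample output is constructed for illustration; the ACL name, addresses and counters are made up, although the line layout follows the real command. The generated `access-list ... inactive` lines follow ASA's convention of re-entering an ACE with the `inactive` keyword to deactivate it; review them before pasting them into a real firewall.

```python
import re

# Constructed sample of ASA "show access-list" output (not from the thread);
# the ACL name, hosts, counters and hash values are invented.
SAMPLE_SHOW_ACCESS_LIST = """\
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
            alert-interval 300
access-list outside_in; 4 elements; name hash: 0x1a2b3c4d
access-list outside_in line 1 extended permit tcp any host 10.1.1.5 eq www (hitcnt=15233) 0x11111111
access-list outside_in line 2 extended permit tcp any host 10.1.1.6 eq ssh (hitcnt=0) 0x22222222
access-list outside_in line 3 extended permit udp any host 10.1.1.7 eq domain inactive (hitcnt=0) (inactive) 0x33333333
access-list outside_in line 4 extended deny ip any any log (hitcnt=87) 0x44444444
"""

# One ACE per line: name, line number, the rule text, the hit counter,
# optional trailing flags such as "(inactive)", then the ACE hash.
ACE_RE = re.compile(
    r"^access-list (?P<acl>\S+) line (?P<line>\d+) (?P<body>.+?) "
    r"\(hitcnt=(?P<hits>\d+)\)(?P<flags>(?: \(\w+\))*) 0x[0-9a-f]+$"
)


def parse_aces(text):
    """Return a list of dicts, one per ACE, skipping summary/header lines."""
    entries = []
    for raw in text.splitlines():
        m = ACE_RE.match(raw.strip())
        if not m:
            continue  # "N elements" header and cached-flow lines carry no ACE data
        entries.append({
            "acl": m.group("acl"),
            "line": int(m.group("line")),
            "rule": m.group("body"),
            "hitcnt": int(m.group("hits")),
            "inactive": "(inactive)" in m.group("flags"),
        })
    return entries


def review_aces(entries):
    """Split ACEs into the two buckets discussed in the thread:
    already inactive, and active but with zero hits since the counters were cleared."""
    inactive = [e for e in entries if e["inactive"]]
    zero_hit = [e for e in entries if not e["inactive"] and e["hitcnt"] == 0]
    return inactive, zero_hit


def deactivate_commands(entries):
    """Config lines that mark the given ACEs inactive instead of deleting them,
    so a rule can be re-enabled if someone complains after the change."""
    return [
        f"access-list {e['acl']} line {e['line']} {e['rule']} inactive"
        for e in entries
    ]


if __name__ == "__main__":
    aces = parse_aces(SAMPLE_SHOW_ACCESS_LIST)
    already_inactive, never_hit = review_aces(aces)
    print("Already inactive:")
    for e in already_inactive:
        print(f"  {e['acl']} line {e['line']}: {e['rule']}")
    print("Active but zero hits (candidates to mark inactive):")
    for e in never_hit:
        print(f"  {e['acl']} line {e['line']}: {e['rule']}")
    print("Suggested commands:")
    for cmd in deactivate_commands(never_hit):
        print(f"  {cmd}")
```

Feed it the output of `show access-list` captured after the counters have been running long enough; a zero count only means "no match since the last `clear access-list counters` (or reload)", so the observation window should cover the longest business cycle the rule might serve (month-end jobs, DR tests) before a rule is marked inactive, and marking rather than deleting keeps the rollback trivial.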
07-21-2011 04:41 AM
Thanks to all for your answers. They all go a long way to help me in cleaning up my Firewall.