Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6913
Views
16
Helpful
9
Replies

Finding and removing unused objects in FMC

Go to solution
Keith Miller
Level 1
Level 1

‎10-25-2017 08:14 AM - edited ‎02-21-2020 06:34 AM

Was looking for a way to find and remove unused objects in the FMC (6.2.2) like you could with ASAs in ASDM. Is there really no way to do this?

 

Every other day I find some annoying little thing about the FMC and FTDs... 

 

Regards,

Keith

2 people had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎10-27-2017 05:30 AM

Sorry but there's no utility, either built-in or external, that currently allows you to do that.

View solution in original post

9 Replies 9

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎10-27-2017 05:30 AM

Sorry but there's no utility, either built-in or external, that currently allows you to do that.

Go to solution
Keith Miller
Level 1
Level 1
In response to Marvin Rhoads

‎11-01-2017 06:47 AM

Thanks for confirming what I was afraid of @Marvin Rhoads. :sigh:

0 Helpful

Go to solution
diparma
Cisco Employee
Cisco Employee

‎09-16-2019 09:05 AM - edited ‎09-16-2019 08:16 PM

Keith, Using the migration tool we have, We can remove unused objects while migrating from PAN/ASA/Ckeclpoint to FTD.

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to diparma

‎09-16-2019 08:10 PM

As of Firepower 6.4, we now have the "Where used" feature. It's not 100% of what we need but a step in the right direction.

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/relnotes/firepower-release-notes-640/features.html

 

View object use

The object manager now allows you to see the policies, settings, and other objects where a network, port, VLAN, or URL object is used.

New/modified screens: Objects > Object Management > choose object type > Find Usage (binoculars) icon

Supported platforms: FMC

Go to solution
Jack G
Level 1
Level 1

‎11-16-2020 02:55 PM

Wonder if it makes more sense to show the icon if it's actually in use. Perhaps it would require additional processing and slow down the interface.

0 Helpful

Go to solution
Hyperion0000
Level 1
Level 1

‎08-23-2022 06:42 AM - edited ‎08-23-2022 06:47 AM

I realize this is a super old thread, but it popped up in the google.   I figured I might be able to help someone else.  I'm currently on 7.2.0.1 and there is a check-box under network objects to "Show unused objects". 

Technically speaking (on older versions) FMC will not allow you to delete an object that is being used.  So you should be able to just try to delete all objects and it will stop you on the objects that are used.

0 Helpful

Go to solution
JoshfromPHX
Level 1
Level 1

‎11-09-2023 07:56 AM

Does anyone know if we can bulk-remove unused network objects on the FMC? 

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to JoshfromPHX

‎11-09-2023 09:06 AM - edited ‎11-09-2023 09:07 AM

Not exactly in bulk, but current versions (7.0+) allow us to filter the object list to show only unused objects. You can then hit the trash icon for any user-defined unused objects. (System-defined objects must remain in FMC but are not deployed to managed devices until they are used.)

FMC Unused ObjectsFMC Unused Objects

Go to solution
JoshfromPHX
Level 1
Level 1
In response to Marvin Rhoads

‎11-09-2023 09:29 AM

Maybe one day we can click on "Show Unused Objects" and then select all > delete. That would be what we are looking for here. Thank you Marvin. 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card