This tool examines the configuration of a Cisco ASA and suggests ways to clean it up.

After reading the output of "show running-config", it does the following:

  • Determine if any ACLs can be combined by using object-groups
  • Determine if there are any unused ACLs. Any that aren't being used are candidates for removal.
  • Determine if there are any unused objects and object-groups. Any that aren't being used are candidates for removal.

Paste the output of "show run" in the box below.


About this Tool

This tool analyzes Cisco ASA configurations to identify:

  • Unused Access Control Lists (ACLs) - ACLs that are defined but not referenced in any access-group command
  • Unused Objects and Object-groups - Network/service objects that are defined but not used in any ACL or NAT rule
  • Optimization Opportunities - Places where multiple ACL entries could be combined using object-groups

Simply paste the output of show running-config from your Cisco ASA and click "Clean it up!" to get recommendations for cleaning up your configuration.
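
The unused-ACL and unused-object checks described above can be sketched as follows. This is an added example, not the tool's own code: the function name `analyze` and the sample config are constructed for illustration. It goes one step beyond the description by separately reporting ACLs that have no access-group binding but are still referenced by another command (for example a crypto map), since those should not be removed.

```python
import re

# Constructed sample of "show running-config" output, not from a real device.
SAMPLE = """\
object network WEB01
 host 10.0.0.10
object network OLD-DB
 host 10.0.0.99
object network DMZ-HOST
 host 172.16.0.5
 nat (dmz,outside) static 198.51.100.5
object-group network ADMINS
 network-object host 192.0.2.5
object-group service LEGACY-PORTS tcp
 port-object eq 8080
access-list OUTSIDE_IN extended permit tcp any object WEB01 eq 443
access-list OUTSIDE_IN extended permit tcp object-group ADMINS object WEB01 eq 22
access-list VPN_TRAFFIC extended permit ip 10.0.0.0 255.255.255.0 10.9.0.0 255.255.255.0
access-list OLD_DMZ extended permit ip any any
access-group OUTSIDE_IN in interface outside
crypto map VPNMAP 10 match address VPN_TRAFFIC
"""

def analyze(config):
    """Return (unused_acls, acls_referenced_elsewhere, unused_objects)."""
    lines = config.splitlines()
    acls, objects, bound, object_nat, current = [], [], set(), set(), None
    for line in lines:
        if (m := re.match(r"access-list (\S+) ", line)) and m[1] not in acls:
            acls.append(m[1])
        elif m := re.match(r"access-group (\S+) ", line):
            bound.add(m[1])
        if m := re.match(r"object(?:-group)? \S+ (\S+)", line):
            objects.append(current := m[1])
        elif not line.startswith(" "):
            current = None
        elif current and line.lstrip().startswith("nat "):
            object_nat.add(current)  # object NAT is configured inside the object

    def used_outside(name, header):
        # Name appears as a whole token on a line other than its own definition.
        return any(name in l.split() for l in lines if not header.match(l))

    unused_acls, elsewhere = [], []
    for acl in (a for a in acls if a not in bound):
        hdr = re.compile(r"access-list %s " % re.escape(acl))
        (elsewhere if used_outside(acl, hdr) else unused_acls).append(acl)
    unused_objects = [o for o in objects if o not in object_nat and not used_outside(
        o, re.compile(r"object(?:-group)? \S+ %s( |$)" % re.escape(o)))]
    return unused_acls, elsewhere, unused_objects
```

The object check is deliberately conservative: any mention of the name outside its own definition counts as use, which covers ACLs, NAT rules and nested object-groups.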

Example Usage

Copy and paste output from commands like:

  • show running-config
  • show running-config access-list
  • show running-config object