asa-check is a bash-script that scans your Cisco ASA configuration and presents clean up commands.

Running asa-check will give the following output:

  • A condensed (and grep-able) list of firewall interfaces, security levels and status.
  • A list of access-lists configured but not in use.
  • List of objects and objects-groups configured but not in use.
  • A list of tunnel-groups configured but not in use.

The main purpose of this script is to clean up left-overs in the configuration. Everything that asa-check does can be done manually, but asa-check does it faster and more precise.

All you need is the current running-config as a text-file on your local computer, this script and bash. You feed the script with the configuration text-file and the output is a number of  “no”- or “clear configure”-commands than can be pasted into the ASA cli-prompt to remove the unwanted configuration.

Example screenshot:

asa-check screenshot


To download your copy of asa-check, fill in the form and signup to our newsletter. This is totally risk-free. You can unsubscribe at any time, and the newsletter is maximum once per week, only networking and security-related!