asa-check is a bash-script that scans your Cisco ASA configuration and presents clean up commands.
Running asa-check will give the following output:
- A condensed (and grep-able) list of firewall interfaces, security levels and status.
- A list of access-lists configured but not in use.
- List of objects and objects-groups configured but not in use.
- A list of tunnel-groups configured but not in use.
The main purpose of this script is to clean up left-overs in the configuration. Everything that asa-check does can be done manually, but asa-check does it faster and more precise.
All you need is the current running-config as a text-file on your local computer, this script and bash. You feed the script with the configuration text-file and the output is a number of “no”- or “clear configure”-commands than can be pasted into the ASA cli-prompt to remove the unwanted configuration.
To download your copy of asa-check, fill in the form and signup to our newsletter. This is totally risk-free. You can unsubscribe at any time, and the newsletter is maximum once per week, only networking and security-related!