Highlight Unused Objects Checkbox

L1 Bithead

Highlight Unused Objects Checkbox

I am not sure how to go about requesting this formally, but there should be a button for "Highlight unused objects" similar to the checkbox that is on the policy tab for "Highlight Unused Rules". This would be a HUGE time saver for admins using the shared objects in Panorama and even using a few unique firewalls.

 

I have really had very little luck trying to see which objects are used and which are not. The time that it would take to go through thousands of objects that we have would be futile at best.

 

Thoughts or maybe information about a future release with this functionality?  

L4 Transporter

Re: Highlight Unused Objects Checkbox

That would probably be a pretty useful feature in the interface.

 

I also just found this:

https://live.paloaltonetworks.com/t5/Migration-Tool-Discussions/Best-practice-for-object-cleanup/td-...

 

I personally like the last mention on that thread about using the Migration Tool.  You can export a config copy from your firewall and load it up in that... gives you some really nice information even if you're not planning on migrating to anything.

L6 Presenter

Re: Highlight Unused Objects Checkbox

I used the migration tool to migrate a CheckPoint config and was able to get rid of > 20k objects and > 600 service objects.

 

 

If interested, you can also look into another product called FireMon. They're compatible with just about every FW vendor and are really a more purpose-built tool to do just what the OP is asking for. (Down to the numerical count of the times an object was used in a particular security policy.)

L3 Networker

Re: Highlight Unused Objects Checkbox

>gives you some really nice information even if you're not planning on migrating to anything.

 

this, including the ability to edit multiple policies at once.

L4 Transporter

Re: Highlight Unused Objects Checkbox

A quick and dirty way to know if an object is in use is to delete it. You can click on the first entry and shift click on the last one to select all the objects. If an object is in use, it will not be deleted (an error message will appear). You can then preview the changes to see what is actually not used. Make sure you revert to the running config after doing that! Also, your coworkers might freak out when they see you do that.

 

Benjamin
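An offline take on the ideas in this thread, added here as an example that is not part of any post and is not Palo Alto Networks or Migration Tool code: it reads an exported config copy and lists address and service objects whose names nothing else references, repeating the pass so that objects used only by unused groups surface too. The sample XML is constructed and simplified, and the layout it assumes (`<entry name="...">` objects, names referenced as element text such as `<member>`) is an assumption about the export; Panorama device-group overrides are not handled.

```python
import xml.etree.ElementTree as ET
# Constructed sample shaped like an exported config copy (not from the thread).
SAMPLE_CONFIG = """<config>
 <shared>
  <address>
   <entry name="web-srv"><ip-netmask>10.1.1.10/32</ip-netmask></entry>
   <entry name="old-ftp"><ip-netmask>10.1.1.20/32</ip-netmask></entry>
   <entry name="db-srv"><ip-netmask>10.1.2.5/32</ip-netmask></entry>
  </address>
  <address-group>
   <entry name="dmz-hosts"><static><member>web-srv</member></static></entry>
   <entry name="legacy-grp"><static><member>db-srv</member></static></entry>
  </address-group>
  <service>
   <entry name="tcp-8443"><protocol><tcp><port>8443</port></tcp></protocol></entry>
   <entry name="tcp-2121"><protocol><tcp><port>2121</port></tcp></protocol></entry>
  </service>
 </shared>
 <rulebase><security><rules>
  <entry name="allow-web">
   <destination><member>dmz-hosts</member></destination>
   <service><member>tcp-8443</member></service>
  </entry>
 </rules></security></rulebase>
</config>"""

OBJECT_TAGS = ("address", "address-group", "service", "service-group")

def find_unused_objects(xml_text):
    """Return (type, name) pairs for objects nothing else in the config names."""
    root = ET.fromstring(xml_text)
    unused = []
    while True:
        # Any element text may be a reference, so matches err towards "in use".
        referenced = {e.text.strip() for e in root.iter() if e.text and e.text.strip()}
        removed = False
        for tag in OBJECT_TAGS:
            for container in list(root.iter(tag)):
                for entry in container.findall("entry"):
                    if entry.get("name") not in referenced:
                        unused.append((tag, entry.get("name")))
                        container.remove(entry)  # only the in-memory copy changes
                        removed = True
        if not removed:  # repeat so members of unused groups surface as well
            return unused

if __name__ == "__main__":
    for obj_type, name in find_unused_objects(SAMPLE_CONFIG):
        print(f"{obj_type}: {name}")
```

Because the script only reads a saved export, the candidate configuration on the firewall is never touched and there is nothing to revert afterwards.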
