11-02-2017 04:02 PM
Hello fellow engineers!
I'm in the process of a firewall audit in my environment and I've got a lot of address objects configured. I'd like to trim the list down and get rid of addresses that are no longer valid (as in haven't been used in over a year). Is something like this possible?
I saw this link about a Perl Script, but it doesn't seem promising.
Are there any other methods where I could get an accurate view of object usage?
If this has been addressed in a previous thread, please direct me there. I couldn't find anything in my initial search.
11-04-2017 08:56 AM
11-06-2017 09:55 AM
11-06-2017 04:34 PM
The Migration Tool could be helpful. (I'm not sure if you've used it for migrations before, but it needs a bit of work to be useful). I'll look into that as an option.
11-06-2017 04:39 PM
There are two types of objects that I want to clean up - objects that are not in a policy and objects that are in a policy and are not being utilized over a certain amount of time.
It's tough to gather this data from the Palos because the address objects only exists as objects in the Objects tab. Once they're a part of a session the Palo can't record them as individual objects, but as just a part of a session.
I'm reaching total object limitations and looking to sift through the data to remove as much as possible that's no longer being used.
Thanks for all of the suggestions. I appreciate. it.
08-02-2021 07:46 AM
Did you find the solution ?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!