mikepitagno / asa_cleanup

Licence: GPL-2.0 License
Cisco ASA Firewall Cleanup Script.

ASA Cleanup

Introduction

A Python command line script to identify unused access-lists, object-groups and objects within a Cisco ASA firewall configuration file. The script will also dynamically modify the config file during execution to prevent having to run it multiple times. For example, if an ACL marked for removal renders an object-group no longer necessary, the script will also mark that object-group for removal on the same run.

Update (2016-10-12): Added support for cleaning up unused group policies. Output is now printed to a file.

Update (2018-10-28): Added support for different object and object-group types (e.g. network, service, protocol, icmp-type); previously the script would only parse network types. The script now outputs an updated configuration file (.cfg) in addition to the file with recommended changes (.txt).

Installation Notes / Prerequisites

Python2 Version - asa_cleanup.py
Python3 Version - asa_cleanup_v3.py

CiscoConfParse is required. Debian/Ubuntu-based install:

sudo apt-get install python-pip
sudo pip install ciscoconfparse

Usage

asa_cleanup.py 'CONFIG_FILE'

Sample Output

Group Policy Removal Lines:
clear configure group-policy GRP1
clear configure group-policy GRP2

ACL Removal Lines:
clear configure access-list ACL1
clear configure access-list ACL2

Object-Group Removal Lines:
no object-group network NETOBJECTGRP1
no object-group network NETOBJECTGRP2
no object-group service SERVOBJECTGRP1
no object-group service SERVOBJECTGRP2
no object-group icmp-type ICMPOBJECTGRP1
no object-group protocol PROTOCOLGRP1

Object Removal Lines:
no object network NETOBJECT1
no object network NETOBJECT2
no object service SERVOBJECT1
no object service SERVOBJECT2
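
The cascading cleanup described in the Introduction, as an added example that is not the project's own code: it uses plain token matching from the Python standard library instead of CiscoConfParse, and the names `SAMPLE`, `blocks`, `definition` and `find_unused` are hypothetical. An ACL, object-group or object counts as unused when its name appears on no line outside its own definition, and the scan repeats so that one removal can expose the next.

```python
import re
# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
object network OLD1
 host 10.0.0.99
object-group network WEB_SERVERS
 network-object host 10.0.0.10
object-group network LEGACY
 network-object object OLD1
access-list OUTSIDE_IN extended permit tcp any object-group WEB_SERVERS eq 443
access-list OLD_ACL extended permit ip any object-group LEGACY
access-group OUTSIDE_IN in interface outside
"""

DEF = re.compile(r"^(access-list) (\S+)|^(object-group|object) (\S+) (\S+)")

def blocks(text):
    """Group each top-level line with its indented child lines."""
    out = []
    for line in text.splitlines():
        if line.startswith(" ") and out:
            out[-1].append(line)
        elif line.strip():
            out.append([line])
    return out

def definition(block):
    """Return (removal command, name) for an ACL, object-group or object; else None."""
    m = DEF.match(block[0])
    if m and m.group(1):
        return "clear configure access-list " + m.group(2), m.group(2)
    if m:
        return "no %s %s %s" % m.group(3, 4, 5), m.group(5)

def find_unused(text):
    """Rescan until a pass removes nothing, so one removal can expose the next."""
    cfg, removals, changed = blocks(text), [], True
    while changed:
        changed = False
        for blk in list(cfg):
            d = definition(blk)
            if d is None or blk not in cfg:
                continue
            own = [b for b in cfg if definition(b) == d]  # the definition itself
            if not any(d[1] in ln.split() for b in cfg if b not in own for ln in b):
                removals.append(d[0])
                cfg = [b for b in cfg if b not in own]
                changed = True
    return removals, "\n".join(ln for b in cfg for ln in b)
```

`find_unused(SAMPLE)` returns the removal commands in the order they were discovered, together with the configuration text that remains after those definitions are dropped.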
