Manual Chapter : Managing Unused Network Security Objects

Applies To:

BIG-IQ Centralized Management

  • 8.3.0, 8.2.0, 8.1.0, 8.0.0

About unused Network Security objects

Users of BIG-IQ Advanced Firewall Manager (AFM) can generate reports to identify all network security objects currently not being used by any AFM rules or policies. This report will display information for unused protocol security objects, network firewall objects, and network address translation objects.
You can use this interface to view properties of each of the items, view the run status including last run time and last user to generate a report, export the data to your local machine, and delete unused objects.
If you decide to delete an unused object, first check that it is not also used in another module such as Shared Security or LTM. Deleting unused AFM objects from this interface will delete them everywhere across BIG-IQ.

Generate a report for unused objects

You can use BIG-IQ to generate a report of all objects not currently referenced in any Advanced Firewall Manager (AFM) policies or rules. This allows you to clean up any unnecessary items from your BIG-IQ environment.
  1. Go to Configuration > SECURITY > Network Security > Unused Objects.
  2. To generate a report of objects that are not currently being used in any AFM policies or rules, select Run in the top left of the screen.
    You can view the most recent run time and user who ran the report under the status information section. After you run the report, BIG-IQ will display a report of all unused objects.
    It is important to note that this report only shows objects that are currently not used by any AFM policies or rules. Some of the objects may still be referenced in other modules, such as LTM or Shared Security.
  3. To filter this report by one type of object, select Protocol Security, Network Firewall, or Network Address Translation from the summary bar.
  4. You may also search through the report using the custom search filter on the left of the report. Use the drop-down menu to select a value to filter by, then enter the phrase to match in the search.
    For example, choose Partition from the drop-down menu and enter Common into the search bar to generate a report of unused objects that are available for all BIG-IQ users.
  5. Select anywhere in the row of an unused object in order to see information about that Network Security object.
  6. To export this data to your machine as a CSV file, select Export in the top left corner.

Manage and delete unused objects

Before you can delete or edit unused Advanced Firewall Manager (AFM) objects, you must first run a report to find all unused objects. To do so, follow the procedure in Generate a report for unused objects.
Delete unused Network Security objects in order to save resources for your BIG-IQ and clean up your configurations. You may also make edits to unused objects from the unused objects report in order to update their configurations and use them in an AFM rule or policy.
  1. Go to Configuration > SECURITY > Network Security > Unused Objects.
  2. To edit an object, find the object in the list you wish to edit.
  3. Select the name of the object to edit.
    You will be directed to a page where you can make configuration changes. If you wish to add this object to an AFM rule or policy, you may do so later.
  4. To delete an unused object, navigate to the Network Security object you wish to remove from BIG-IQ and select Delete.
    If you decide to delete an unused object, first check that it is not also used in another module such as Shared Security or LTM. Deleting unused AFM objects from this interface will delete them everywhere across BIG-IQ.
Once you have finished, the unused Network Security objects will be edited or deleted across BIG-IQ.