Manual Chapter: Managing Unused Network Security Objects
Applies To:
BIG-IQ Centralized Management
- 8.3.0, 8.2.0, 8.1.0, 8.0.0
About unused Network Security objects
Users of BIG-IQ Advanced Firewall Manager (AFM) can generate reports to identify all network security objects currently not being used by any AFM rules or policies. This report will display information for unused protocol security objects, network firewall objects, and network address translation objects.
You can use this interface to view properties of each of the items, view the run status including last run time and last user to generate a report, export the data to your local machine, and delete unused objects.
If you decide to delete an unused object, first check that it is not also being used in another module, such as Shared Security or LTM. Deleting unused AFM objects from this interface deletes them everywhere across BIG-IQ.
Generate a report for unused objects
You can use BIG-IQ to generate a report of all objects not currently referenced in any Advanced Firewall Manager (AFM) policies or rules. This allows you to clean up any unnecessary items from your BIG-IQ environment.
- Go to.
- To generate a report of objects that are not currently being used in any AFM policies or rules, select Run in the top left of the screen. You can view the most recent run time and the user who ran the report under the status information section. After you run the report, BIG-IQ will display a report of all unused objects. It is important to note that this report only shows objects that are currently not used by any AFM policies or rules. Some of the objects may still be referenced in other modules, such as LTM or Shared Security.
- To filter this report by one type of object, select Protocol Security, Network Firewall, or Network Address Translation from the summary bar.
- You may also search through the report using the custom search filter on the left of the report. Use the drop-down menu to select a value to filter by, then enter the phrase to match in the search. For example, choose Partition from the drop-down menu and enter Common into the search bar to generate a report of unused objects that are available for all BIG-IQ users.
- Select anywhere in the row of an unused object in order to see information about that Network Security object.
- To export this data to your machine as a CSV file, select Export in the top left corner.
Manage and delete unused objects
Before you can delete or edit unused Advanced Firewall Manager (AFM) objects, you must first run a report to find all unused objects. To do so, follow the procedure in Generate a report for unused objects.
Delete unused Network Security objects in order to save resources for your BIG-IQ and clean up your configurations. You may also make edits to unused objects from the unused objects report in order to update their configurations and use them in an AFM rule or policy.
- Go to.
- To edit an object, find the object in the list you wish to edit.
- Select the name of the object to edit. You will be directed to a page where you can make configuration changes. If you wish to add this object to an AFM rule or policy, you may do so later.
- To delete an unused object, navigate to the Network Security object you wish to remove from BIG-IQ and select Delete. If you decide to delete an unused object, first check that it is not also being used in another module, such as Shared Security or LTM. Deleting unused AFM objects from this interface deletes them everywhere across BIG-IQ.
Once you have finished, the unused Network Security objects will be edited or deleted across BIG-IQ.
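One way to carry out the cross-module check before deleting, shown as an added example that is not F5 code: it compares the exported CSV report against a list of object paths that other modules still reference. The column names (`Name`, `Partition`, `Type`), the sample rows, and the separately gathered reference list are all assumptions; match them to the header row of your own export.

```python
import csv
import io

# Assumed column names; change them to match the header row of your export.
NAME_COL, PARTITION_COL, TYPE_COL = "Name", "Partition", "Type"

def full_path(partition, name):
    """Normalise to /Partition/name so same-named objects in different
    partitions stay distinct. An empty partition is assumed to mean Common."""
    name = name.strip()
    if name.startswith("/"):
        return name
    return "/{}/{}".format(partition.strip() or "Common", name)

def triage(report_csv, referenced_elsewhere):
    """Split report rows into (hold, candidates).

    report_csv: text of the exported unused-objects report.
    referenced_elsewhere: full paths that other modules (for example LTM or
    Shared Security) still reference, gathered separately by the operator.
    """
    in_use = {p.strip() for p in referenced_elsewhere if p.strip()}
    hold, candidates = [], []
    for row in csv.DictReader(io.StringIO(report_csv)):
        path = full_path(row.get(PARTITION_COL) or "", row[NAME_COL])
        entry = ((row.get(TYPE_COL) or "").strip(), path)
        # Unused by AFM but referenced elsewhere: do not delete.
        (hold if path in in_use else candidates).append(entry)
    return hold, candidates

# Constructed sample data, not output from a real BIG-IQ system.
SAMPLE_REPORT = """Name,Partition,Type
web_addrs,Common,Address List
web_addrs,TenantA,Address List
old_ports,Common,Port List
legacy_nat_pool,Common,NAT Source Translation
"""
SAMPLE_REFERENCES = ["/Common/web_addrs", "/Common/legacy_nat_pool"]

if __name__ == "__main__":
    hold, candidates = triage(SAMPLE_REPORT, SAMPLE_REFERENCES)
    for kind, path in hold:
        print("HOLD   {:<24} {}".format(kind, path))
    for kind, path in candidates:
        print("REVIEW {:<24} {}".format(kind, path))
```

Objects in the hold list are unused by AFM but still referenced elsewhere, so deleting them from the report would remove them from those modules as well.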