Search and Filter ASA Network Rules in the Access List

Search

Use the search bar to search for names, keywords, or phrases in the names of the rules within the access list. Search is not case-sensitive.

Filter

Use the filter sidebar to find network policy issues. Filtering is not additive, each filter setting acts independently of the other.

Policy Issues

CDO identifies network policies that contain shadow rules. The number of policies that contain shadow rules is indicated in the Policy Issues filter:

CDO marks shadowed rules and network policies that contain them with the shadow badge shadow_badge.png on the network policies page. Click Shadowed to view all the policies containing shadow rules. See Shadow Rules for more information.

Hits

Use this filter to find rules across the access lists that have been triggered a number of times over a specified period.

Filter Use Cases

Find all rules that have zero hits

If you have rules without any hits, you can edit them to make them more effective or simply delete them.

  1. Select an ASA device and in the Management pane on the right, click Policy.

  2. Above the rule table, click Clear to clear any existing filters.

  3. Click the filter icon and expand the Hits filter.

  4. Select a time period.

  5. Select 0 hits.

Find out how often rules in a network policy are being hit

  1. Select an ASA device and in the Management pane on the right, click Policy.

  2. Above the rule table, click Clear to clear any existing filters.

  3. Click the filter icon and expand the Hits filter.

  4. Select a time period.

  5. Select the different hits filters to see what category the different rules fall into.

Filter network policies by hit rate

  1. Select an ASA device and in the Management pane on the right, click Policy.

  2. Above the rule table, click Clear to clear any existing filters.

  3. Click the filter icon and expand the Hits filter.

  4. Select a time period.

  5. Select the different hit rate categories. CDO displays the rules that are getting hit at the rate you specify.