cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Delete Unused Hosts, Networks, and Groups (R80.10 SMS & MDS)

V2 **Updated to support object databases of any size**

V3 **Added Separate scripts for MDS Support** 

V4 **Combined MDS and SMS into a single script. Export now creates a single file instead of two. **

NOTE: The larger the object database the more time this takes to run.

This is a simple shell script that will allow you to parse a particular object database for unused objects. The results will be output into three files of mgmt_cli commands to delete those objects (Host, Network, Group). You could use those files to automatically delete the objects but I suggest reviewing anything before you delete rules. Both SMS and MDS are supported in the same script.

You have two options of use; NAME or UID.

Please be careful when using any API tool to modify your database. Be sure to verify all data and have Backups

How to use

  • cp script over to mgmt station (this script is intended to run directly on the mgmt station)
  • execute ./script-name.sh
    • script will ask for IP of SMS or Domain of MDS you wish to search
  • Output will be in delete-unused-objects.txt
    • delete-unused-objects.txt will have the mgmt_cli commands for deletion. If you want to execute it do the following;
      • chmod 755 delete-unused-objects.txt
      • ./delete-unused-objects.txt

Original files on github: GitHub - cpmidsouth/Delete-Unused-Objects: This Script will seach the object database for Unused Obj... 

 

Feedback welcome this was a simple project that came out of a client request.

Labels (2)
Tags (2)
6 Replies

Re: Delete Unused Hosts, Networks, and Groups (R80.10 SMS & MDS)

Hi Adam,

This is really nice script. I have run this in my LAB and tested.

Please let me know if we can do the same thing with Unused Rules. A script which shows names of Unused Rules.

0 Kudos

Re: Delete Unused Hosts, Networks, and Groups (R80.10 SMS & MDS)

Gaurav,

Thanks for the nice comment. I did a script a couple weeks ago that would search the rulebase for zero hit count. Take a look at it:  

I'm working on v3 to be a bit more flexible with layers.

-Adam

Re: Delete Unused Hosts, Networks, and Groups (R80.10 SMS & MDS)

mgmt_cli and these scripts are for R80.x right?

Re: Delete Unused Hosts, Networks, and Groups (R80.10 SMS & MDS)

Hi Chris,

Yes. It is for R80.x

Re: Delete Unused Hosts, Networks, and Groups (R80.10 SMS & MDS)

Great! This is exactly what i am looking for! I am migrating the configuration from an old firewall to check point and I always have hated insert unused objects in the new policy!!

I am going to test it!

Thank you

Re: Delete Unused Hosts, Networks, and Groups (R80.10 SMS & MDS)

Awesome! Glad this will help, let me know if you have questions. After you get running and logs going for a few months take a look at   and it will help you clean up your rulebase some