checking whether objects are in use?

[reticent]

Hey Guys,

A colleague wrote a script to pull out a list of unused objects from our firewall managers. I have a list of several hundred hosts (ouch!) thare are no longer being used within any rulebases. Rather than just scripting up dbedit to delete those hosts I wan't to double check they _really_ aren't being used. Short of doing a right click, where used on each of the objects is there a better way to check if objects are being used?

I was hoping there would be something like dbedit that's able to check whether hosts are being used?

Cheers,

Stew

[Thorpuse]

In SmartDashboard -

Search/Query Network Objects/ Filter by Unused Objects.

This is one of those little tools that people don't realise is there, but is extremely useful. Note that "used" can mean used in a saved policy or as a member of a group, so if you've got unused groups, you'll need to delete the group and then re-run the query. The good thing here is that you can delete objects from within the query window, and things like "Select All" work... :)

HTH,

[reticent]

Thanks a lot, that's exactly what I was after. I'll give it a crack this weekend - here's hoping the objects that it determines to be unused, are in fact unused :) I guess it's a wise idea to create a database revision before I do my mass delete.

On a similar topic, is there a way to check if users are not within a rule or a group used in a rule? You can't do the regular right click 'where used' on them so I'm guess it's going to be more difficult.

Thanks,

Stew