!************************************************************************************
!The following order of rule and object removal is used in this script:
! 1. Remove redundant rules.
! 2. Remove rules with zero usage.
! 3. Remove objects with hit count zero from rules.
! 4. Remove unreferenced objects.
!Sections 2, 3 are included only if log data is processed.
!The script can be edited at any time to delete a rule or object cleanup command.
!************************************************************************************
!***********************************************************
!Section containing commands to remove redundant rules
!***********************************************************
!Rule: 74 is redundant to: [76] and is being deleted.
! access-list acl_outside permit tcp any host 62.59.14.169 object-group web_svcs
no access-list acl_outside permit tcp any host 62.59.14.169 eq https
!Rule: 83 is redundant to: [80, 81] and is being deleted.
! access-list acl_mail1 permit tcp any host 192.168.1.2 eq smtp
! access-list acl_mail1 permit tcp any host 192.168.1.2 eq pop3
no access-list acl_mail1 deny tcp any host 192.168.1.2 object-group mail_svcs
!Rule: 89 is redundant to: [91] and is being deleted.
! access-list acl_inside permit tcp any any eq ftp
no access-list acl_inside permit tcp host 172.16.0.24 any eq ftp
!Rule: 90 is redundant to: [92] and is being deleted.
! access-list acl_inside permit tcp any any eq ssh
no access-list acl_inside permit tcp host 172.16.0.24 any eq ssh
!Rule: 95 is redundant to: [108] and is being deleted.
! access-list acl_inside permit udp any any
no access-list acl_inside permit udp host 172.16.0.68 any eq domain
!Rule: 98 is redundant to: [108] and is being deleted.
! access-list acl_inside permit udp any any
no access-list acl_inside permit udp host 172.16.0.68 any eq ntp
!Rule: 104 is redundant to: [91] and is being deleted.
! access-list acl_inside permit tcp any any eq ftp
no access-list acl_inside permit tcp host 172.16.0.19 any eq ftp
!Rule: 105 is redundant to: [92] and is being deleted.
! access-list acl_inside permit tcp any any eq ssh
no access-list acl_inside permit tcp host 172.16.0.19 any eq ssh
!Rule: 109 is redundant to: [108] and is being deleted.
! access-list acl_inside permit udp any any
no access-list acl_inside permit udp host 192.168.5.251 any
!Rule: 111 is redundant to: [108] and is being deleted.
! access-list acl_inside permit udp any any
no access-list acl_inside permit udp host 192.168.5.250 any
!Rule: 112 is redundant to: [113] and is being deleted.
! access-list acl_inside permit tcp any any eq 5901
no access-list acl_inside permit tcp any host 192.168.50.2 eq 5901
!Rule: 114 is redundant to: [108] and is being deleted.
! access-list acl_inside permit udp any any
no access-list acl_inside permit udp any any eq 5901
!Rule: 116 is redundant to: [108] and is being deleted.
! access-list acl_inside permit udp any any
no access-list acl_inside deny udp any any range 135 139
!Rule: 117 is redundant to: [98, 108] and is being deleted.
! access-list acl_inside permit udp host 172.16.0.68 any eq ntp
! access-list acl_inside permit udp any any
no access-list acl_inside permit udp any host 172.16.0.4 eq ntp
!Rule: 118 is redundant to: [97] and is being deleted.
! access-list acl_inside permit tcp any any eq nntp
no access-list acl_inside permit tcp 172.16.0.0 255.255.0.0 any eq nntp
!Rule: 120 is redundant to: [91] and is being deleted.
! access-list acl_inside permit tcp any any eq ftp
no access-list acl_inside permit tcp host 172.16.0.15 any eq ftp
!Rule: 121 is redundant to: [92] and is being deleted.
! access-list acl_inside permit tcp any any eq ssh
no access-list acl_inside permit tcp host 172.16.0.15 any eq ssh
!Rule: 139 is redundant to: [141] and is being deleted.
! access-list acl_proxymail permit tcp any any object-group inet_svcs
no access-list acl_proxymail permit tcp any any object-group web_svcs
!Rule: 140 is redundant to: [141] and is being deleted.
! access-list acl_proxymail permit tcp any any object-group inet_svcs
no access-list acl_proxymail permit tcp any any object-group mail_svcs
!***********************************************************
!Section containing commands to remove rules with zero usage
!***********************************************************
!The following rules are being removed due to zero usage, based on log data.
!Removing access list entry for linenum 136 based on log-data.
no 136: access-list acl_testweb permit udp any any eq dnsix
!Removing access list entry for linenum 129 based on log-data.
no 129: access-list acl_guest permit tcp any any
!Removing access list entry for linenum 128 based on log-data.
no 128: access-list acl_guest permit udp any any
!Removing access list entry for linenum 131 based on log-data.
no 131: access-list 110 permit ip 10.0.0.0 255.0.0.0 192.168.16.0 255.255.255.0
!Removing access list entry for linenum 130 based on log-data.
no 130: access-list 110 permit ip 172.16.0.0 255.255.0.0 192.168.16.0 255.255.255.0
!Removing access list entry for linenum 85 based on log-data.
no 85: access-list acl_mail1 permit udp host 192.168.1.200 object-group db_svrs eq 118
!This access list entry for linenum 83 is already removed as being redundant.
!Removing access list entry for linenum 93 based on log-data.
no 93: access-list acl_inside permit tcp any any eq 81
!This access list entry for linenum 95 is already removed as being redundant.
!Removing access list entry for linenum 88 based on log-data.
no 88: access-list acl_inside permit tcp any any eq 5405
!Removing access list entry for linenum 96 based on log-data.
no 96: access-list acl_inside permit tcp any any eq 9895
!Removing access list entry for linenum 110 based on log-data.
no 110: access-list acl_inside permit tcp any any eq 5900
!This access list entry for linenum 111 is already removed as being redundant.
!This access list entry for linenum 109 is already removed as being redundant.
!This access list entry for linenum 104 is already removed as being redundant.
!This access list entry for linenum 105 is already removed as being redundant.
!This access list entry for linenum 118 is already removed as being redundant.
!This access list entry for linenum 117 is already removed as being redundant.
!This access list entry for linenum 116 is already removed as being redundant.
!This access list entry for linenum 114 is already removed as being redundant.
!Removing access list entry for linenum 127 based on log-data.
no 127: access-list acl_guest permit icmp any any
!Removing access list entry for linenum 126 based on log-data.
no 126: access-list acl_guest permit tcp any any eq smtp
!Removing access list entry for linenum 125 based on log-data.
no 125: access-list acl_guest permit udp any any eq domain
!Removing access list entry for linenum 124 based on log-data.
no 124: access-list acl_guest permit tcp any any eq pop3
!Removing access list entry for linenum 123 based on log-data.
no 123: access-list acl_guest permit tcp any any eq ftp
!Removing access list entry for linenum 122 based on log-data.
no 122: access-list acl_guest permit tcp any any eq www
!This access list entry for linenum 121 is already removed as being redundant.
!This access list entry for linenum 120 is already removed as being redundant.
!***********************************************************
!Section containing commands to remove objects with zero usage
!***********************************************************
!This section does not contain any command script.
!***********************************************************
!Section containing commands to remove unreferenced objects.
!***********************************************************
!Remove the unreferenced object Grp : internal_mail_svrs.
no object-group network internal_mail_svrs
!Remove the unreferenced object Grp : common_ports.
no object-group service common_ports tcp
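The "redundant to" claims in the first section are worth re-deriving before the script is applied, because they mean two different things. Rules 109, 116 and 117 are shadowed: an earlier entry (108, permit udp any any) already matches every packet they would, so they never fire and can go regardless of their action. Rules 89, 90, 95, 98, 104, 105, 112, 114, 118, 120 and 121 are the opposite case, a narrow permit that sits above a broader permit of the same action (91, 92, 97, 108, 113); removing them is only behaviour-preserving if no deny between the two positions can catch the traffic that now falls through. Rule 83 is the union case: the deny on mail_svcs is covered by the two permits 80 and 81 together. The checker below is an added example, not the cleanup tool's code or anything on the page; it parses the ACE syntax the script uses (any / host / network-and-mask addresses, eq / range / object-group destination ports), and the contents of mail_svcs and web_svcs, the sample ACL excerpt and the "t" ACL in the test are constructed assumptions, since the script never shows the groups or the full ACLs. It reports the first covering predecessor per port, so rule 117 comes out as [108] where the tool lists every overlapping predecessor, [98, 108]. Two caveats the script itself does not state: each shadowed deny here (116 under 108) shows that the broad permit is the real finding, not the dead deny; and the zero-usage removals in section 2 are only as trustworthy as the log window they were counted over.

```python
# Added example, not the generated script's code: checks its "redundant to" claims.
import ipaddress
from collections import namedtuple

SERVICE_PORTS = {"ftp": 21, "ssh": 22, "smtp": 25, "domain": 53, "www": 80,
                 "pop3": 110, "nntp": 119, "ntp": 123, "https": 443}
ALL_PORTS = frozenset(range(65536))
# Assumed group contents: the script names these groups but never shows them.
SERVICE_GROUPS = {"mail_svcs": frozenset({25, 110}), "web_svcs": frozenset({80, 443})}
Rule = namedtuple("Rule", "num acl action proto src dst ports")  # num: script line number

def port_number(tok):
    return SERVICE_PORTS[tok] if tok in SERVICE_PORTS else int(tok)

def parse_addr(tokens):
    """Consume 'any', 'host A' or 'A MASK'; return (network, remaining tokens)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    if tokens[0] == "object-group":
        raise ValueError("network object-groups are not handled in this example")
    return ipaddress.ip_network(tokens[0] + "/" + tokens[1]), tokens[2:]

def parse_ports(tokens):
    """Destination ports: 'eq P', 'range A B', 'object-group G' or nothing (all ports)."""
    if not tokens:
        return ALL_PORTS
    if tokens[0] == "eq":
        return frozenset({port_number(tokens[1])})
    if tokens[0] == "range":
        return frozenset(range(port_number(tokens[1]), port_number(tokens[2]) + 1))
    if tokens[0] == "object-group":
        return SERVICE_GROUPS[tokens[1]]
    raise ValueError("unsupported port spec: " + " ".join(tokens))

def parse_rule(num, line):
    t = line.split()  # access-list NAME ACTION PROTO SRC DST [PORTS]
    src, rest = parse_addr(t[4:])
    dst, rest = parse_addr(rest)
    return Rule(num, t[1], t[2], t[3], src, dst, parse_ports(rest))

def covers(outer, inner):
    """outer matches every (proto, src, dst) that inner matches; ports are the caller's job."""
    return (outer.proto in ("ip", inner.proto) and inner.src.subnet_of(outer.src)
            and inner.dst.subnet_of(outer.dst))

def intersects(a, b):
    return (("ip" in (a.proto, b.proto) or a.proto == b.proto) and a.src.overlaps(b.src)
            and a.dst.overlaps(b.dst) and bool(a.ports & b.ports))

def shadowed_by(rules, i):
    """Earlier rules (any action) that together match everything rule i matches, so it never
    fires. Union coverage is computed across destination ports only (enough for rule 83)."""
    r, used = rules[i], set()
    cands = [e for e in rules[:i] if covers(e, r)]
    for p in r.ports:
        hit = next((e for e in cands if p in e.ports), None)
        if hit is None:
            return None
        used.add(hit.num)
    return sorted(used)

def subsumed_by(rules, i):
    """A later same-action rule containing rule i, with no opposite-action rule between them
    that could intercept the traffic once rule i is gone (what makes 95 -> 108 safe)."""
    r = rules[i]
    for j in range(i + 1, len(rules)):
        s = rules[j]
        if s.action == r.action and covers(s, r) and r.ports <= s.ports:
            if not any(b.action != r.action and intersects(b, r) for b in rules[i + 1:j]):
                return s.num
    return None

def redundant_rules(rules):
    """{line number: (reason, [line numbers it is redundant to])} for the ACEs of one ACL."""
    found = {}
    for i, r in enumerate(rules):
        earlier, later = shadowed_by(rules, i), subsumed_by(rules, i)
        if earlier:
            found[r.num] = ("shadowed", earlier)
        elif later is not None:
            found[r.num] = ("subsumed", [later])
    return found

# Constructed excerpt of acl_inside, in the order the script's line numbers imply.
ACL_INSIDE = [parse_rule(n, l) for n, l in [
    (89, "access-list acl_inside permit tcp host 172.16.0.24 any eq ftp"),
    (91, "access-list acl_inside permit tcp any any eq ftp"),
    (95, "access-list acl_inside permit udp host 172.16.0.68 any eq domain"),
    (98, "access-list acl_inside permit udp host 172.16.0.68 any eq ntp"),
    (108, "access-list acl_inside permit udp any any"),
    (109, "access-list acl_inside permit udp host 192.168.5.251 any"),
    (116, "access-list acl_inside deny udp any any range 135 139"),
    (117, "access-list acl_inside permit udp any host 172.16.0.4 eq ntp")]]

if __name__ == "__main__":
    for num, (why, by) in sorted(redundant_rules(ACL_INSIDE).items()):
        print(f"rule {num} is {why} by {by}")
```

Run against the excerpt, it reproduces the script's verdicts for 89, 95, 98, 109, 116 and 117 and stays silent on 91 and 108, the broad rules everything else collapses into. The intervening-deny check in subsumed_by is the part the script's one-line justification hides: a narrow permit above a broad permit is not removable if a deny that overlaps it sits between the two, which is the case the test exercises with a constructed three-line ACL.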