This article describes how to identify which address objects are in use and which are not used in any policy configuration.
Use the firewall Command Line Interface (CLI) to view all configured address objects:
SSG140-> get config | i address
set address "Trust" "Address1" 10.1.1.0 255.255.255.0
set address "Trust" "Address2" 10.1.2.0 255.255.255.0
set address "Trust" "Address3" 10.1.3.0 255.255.255.0
set address "Trust" "Address4" 10.1.4.0 255.255.255.0
set address "Trust" "Address5" 10.1.5.0 255.255.255.0
Then search for each address to determine whether it is being used.
Case 1
SSG140-> get config | i "Address1"
set address "Trust" "Address1" 10.1.1.0 255.255.255.0
set policy id 1 from "Trust" to "Untrust" "Address1" "Any-IPv4" "ANY" permit
This indicates that the object named "Address1" is being used by policy ID 1.
Case 2
SSG140-> get config | i "Address2"
set address "Trust" "Address2" 10.1.2.0 255.255.255.0
This indicates that the object named "Address2" is not being used by any policy.
Case 3
SSG140-> get config | i "Address3"
set address "Trust" "Address3" 10.1.3.0 255.255.255.0
set group address "Trust" "Group1" add "Address3" <<<< look here
SSG140-> get config | i "Group1"
set group address "Trust" "Group1"
set group address "Trust" "Group1" add "Address3"
set group address "Trust" "Group1" add "Address4"
set policy id 2 from "Trust" to "Untrust" "Group1" "Any-IPv4" "ANY" permit <<<< look here
This indicates that the object named "Address3" is part of Group1, which, in turn, is being used by policy ID 2. Therefore, this address object is in use.
Case 4
SSG140-> get config | i Address5
set address "Trust" "Address5" 10.1.5.0 255.255.255.0
set src-address "Address5"
The "set src-address" line indicates that the address is being used in one of the policies, one that has multiple address objects selected.
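The four cases above can be checked in one pass over a saved copy of the configuration. The following Python script is an added example, not part of the original article or any Juniper tooling; it matches whole object names and reports which policy IDs reference each address, directly or through a group. Assumptions: the function names are hypothetical, address names are unique across zones, groups are single-level as in Case 3, and the sample's "Address10", "Group2" and "set policy id 3" context block are constructed for illustration.

```python
import shlex
from collections import defaultdict
# Constructed sample: the article's lines plus an assumed policy 3 block and orphan Group2.
SAMPLE_CONFIG = '''
set address "Trust" "Address1" 10.1.1.0 255.255.255.0
set address "Trust" "Address2" 10.1.2.0 255.255.255.0
set address "Trust" "Address3" 10.1.3.0 255.255.255.0
set address "Trust" "Address4" 10.1.4.0 255.255.255.0
set address "Trust" "Address5" 10.1.5.0 255.255.255.0
set address "Trust" "Address10" 10.1.10.0 255.255.255.0
set group address "Trust" "Group1"
set group address "Trust" "Group1" add "Address3"
set group address "Trust" "Group1" add "Address4"
set group address "Trust" "Group2"
set group address "Trust" "Group2" add "Address10"
set policy id 1 from "Trust" to "Untrust" "Address1" "Any-IPv4" "ANY" permit
set policy id 2 from "Trust" to "Untrust" "Group1" "Any-IPv4" "ANY" permit
set policy id 3 from "Trust" to "Untrust" "Address1" "Any-IPv4" "ANY" permit
set policy id 3
set src-address "Address5"
exit
'''

def address_usage(config_text):
    """Map each address object to the policy ids that reference it."""
    defined, members, refs, policy_id = [], defaultdict(set), defaultdict(set), None
    for line in config_text.splitlines():
        t = shlex.split(line)  # strips the double quotes around names
        if t[:2] == ["set", "address"] and len(t) > 3:
            defined.append(t[3])
        elif t[:3] == ["set", "group", "address"] and t[5:6] == ["add"] and len(t) > 6:
            members[t[4]].add(t[6])
        elif t[:3] == ["set", "policy", "id"] and len(t) > 3:
            policy_id = t[3]
            if "from" in t:  # one-line definition: source, destination follow the zones
                i = t.index("from")
                for name in t[i + 4:i + 6]:
                    refs[name].add(policy_id)
        elif t[:1] == ["set"] and t[1:2] in (["src-address"], ["dst-address"]) and len(t) > 2:
            refs[t[2]].add(policy_id or "?")  # "?" when the policy context is not visible
        elif t == ["exit"]:
            policy_id = None
    for group, names in members.items():  # a used group makes its members used
        for name in names:
            refs[name] |= refs[group]
    return {name: sorted(refs[name]) for name in defined}

def unused_addresses(config_text):
    return sorted(n for n, ids in address_usage(config_text).items() if not ids)
```

On the sample, unused_addresses(SAMPLE_CONFIG) returns "Address10" and "Address2": the first is only a member of a group that no policy references, and the second is not referenced anywhere.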