Whether you're doing a security assessment, preparing for a migration, or just cleaning up years of accumulated config cruft—here's a practical checklist for auditing IP addresses in your firewall configuration.

Why Audit IP Configuration?

Firewall configurations accumulate technical debt over time. Address objects get created for one-off projects and never removed. Subnets get allocated and forgotten. VIPs stay configured long after servers are decommissioned.

Regular audits help you:

Identify unused address objects cluttering your config
Spot IP conflicts before they cause outages
Document actual IP allocation for compliance
Plan capacity for new projects
Prepare for migrations with accurate inventory

The Audit Checklist

1. Address Object Inventory

☐Export all address objects with their values
☐Count total objects by type (host, subnet, range, FQDN)
☐Identify objects with missing or outdated descriptions
☐Flag objects not referenced in any policy (potential cleanup candidates)
☐Check for duplicate objects pointing to the same IP

2. Address Group Analysis

☐List all groups and their member counts
☐Identify empty groups (zero members)
☐Expand nested groups to see full membership
☐Check for circular group references
☐Verify group naming follows conventions

3. Interface and Subnet Review

☐Document all interface IP assignments
☐Verify no overlapping subnets on different interfaces
☐Check interface descriptions match actual usage
☐Identify interfaces without IP assignments
☐Verify zone assignments are correct

4. VIP/NAT Mapping Review

☐List all VIPs with external→internal mappings
☐Verify internal servers still exist for each VIP
☐Check for VIPs pointing to decommissioned IPs
☐Document port mappings (external port → internal port)
☐Identify unused public IPs in VIP pool

5. Route Table Analysis

☐Export all static routes
☐Verify next-hop IPs are reachable
☐Check for routes to decommissioned networks
☐Identify overlapping routes with different metrics
☐Document default gateway configuration

6. RFC 1918 and Public IP Review

☐Categorize all IPs as private (RFC 1918) or public
☐Verify public IPs are actually owned/assigned to you
☐Check for accidental use of public IPs internally
☐Identify CGNAT ranges (100.64.0.0/10) if applicable
☐Document link-local addresses (169.254.x.x)

Common Issues to Look For

Stale Objects

Address objects created for projects that ended years ago. Look for objects with old naming conventions, references to decommissioned systems, or descriptions mentioning past dates.

Overly Broad Definitions

Objects like "any" or "0.0.0.0/0" used in places where they shouldn't be. Also watch for /8 or /16 subnets when more specific ranges would be appropriate.

Naming Inconsistencies

Mixed naming conventions: "Web-Server-01" vs "WEBSRV_01" vs "web-server-1". This makes maintenance harder and indicates config accumulated from multiple admins over time.

Missing Documentation

Objects without descriptions or with unhelpful descriptions like "temp" or "test". Every object should explain what it's for and who owns it.

Automating the Audit

Manually reviewing a firewall config with hundreds of address objects is tedious and error-prone. Here's a faster approach:

Export your firewall config backup
Upload to SimpleIPAM for automatic parsing
Export the structured data as CSV
Use the CSV to work through this checklist
Document findings and remediation actions

Start Your Config Audit

After the Audit

Once you've identified issues, prioritize remediation:

Critical: IP conflicts, incorrect VIP mappings, routing issues
High: Unused objects referenced in policies, stale NAT rules
Medium: Missing documentation, naming inconsistencies
Low: Completely unused objects (safe to remove but not urgent)

Make config changes during maintenance windows, and always have a rollback plan.

Tagged: audit, checklist, best-practices

Firewall Config Audit Checklist: IP Address Review