How to Audit your DMZ LTM for Public Address Space

We only have so many public IPv4 addresses, and when you start running low you need to find out where they all went and whether they are still being used.

On our DMZ LTM (which is where the public IPs are found, on the Virtual Servers), you can run a script that checks for:

Availability = anything but enabled

State = offline

Total Connections = 0

Note: in the script below I'm looking at all Virtual Servers found on the Integration partition.

tmsh -q show ltm virtual /Integration/* | grep '^Ltm\|Avail\|State\|Total C' | awk 'BEGIN {RS="Ltm::"; format = "%-55s %-10s %-10s %s\n"; printf format, "VS", "Avail", "State", "Connections" } NF && ($9 !~ /enabled/ || $6 ~ /offline/ || $12 ~ /^0/) {printf format, $3, $6, $9, $12}' 2>/dev/null

It seems to work pretty well. I am still working on the script to include the Destination (which would be the public IP address). If I figure it out I'll include it here. A bummer is that I can't include the Description field of a Virtual Server when using the show command; you have to use list to get the Description field. Why is it a big deal? It's not, just a nice-to-have: if you put information on who owns the Virtual Server in the description field, you would know who to go to for validation that the VS is still required.
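An added example (not the author's script): the same three checks, done by matching each line's label instead of counting fields, which also lets a Destination line be picked up. It assumes the show output carries a `Destination` line laid out as in the constructed sample; `audit_vs` and `sample_show_output` are hypothetical names.

```shell
#!/bin/sh
# Added example. Prints: name availability state destination total-connections
# for each virtual server that fails any of the three checks.
audit_vs() {
  awk '
    function report() {
      if (vs != "" && (state != "enabled" || avail == "offline" || conns == "0"))
        printf "%-16s %-10s %-9s %-20s %s\n", vs, avail, state, dest, conns
    }
    /^Ltm::Virtual Server:/ { report(); vs = $NF; avail = state = dest = conns = "-"; next }
    $1 == "Availability"                 { avail = $NF }
    $1 == "State"                        { state = $NF }
    $1 == "Destination"                  { dest  = $NF }
    $1 == "Total" && $2 == "Connections" { conns = $3 }  # ClientSide column
    END { report() }
  '
}

# Constructed sample input (documentation-range addresses), not real output.
sample_show_output() {
  cat <<'EOF'
Ltm::Virtual Server: vs_app1_443
  Status
    Availability     : available
    State            : enabled
    Reason           : The virtual server is available
    Destination      : 203.0.113.10:443
  Traffic                             ClientSide  Ephemeral  General
    Total Connections                       1.2K          0        -
Ltm::Virtual Server: vs_old_80
    Availability     : offline
    State            : enabled
    Destination      : 203.0.113.11:80
    Total Connections                          0          0        -
Ltm::Virtual Server: vs_legacy_443
    Availability     : unknown
    State            : disabled
    Destination      : 198.51.100.7:443
    Total Connections                         87          0        -
Ltm::Virtual Server: vs_idle_8443
    Availability     : available
    State            : enabled
    Destination      : 198.51.100.8:8443
    Total Connections                          0          0        -
EOF
}

sample_show_output | audit_vs
```

On the LTM, pipe the real output through the function instead of the sample, for example `tmsh -q show ltm virtual /Integration/* | audit_vs`.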

A better command, which searches all partitions and not just Integration as shown above:

tmsh -c "cd /;show ltm virtual recursive" | egrep 'Ltm::|State' | grep -B1 enabled

You'll have to play with it to get exactly what you want, but the first part will search all partitions.

