https://community.cisco.com/t5/network-security/asdm-multiple-network-objects-vs-group-for-rules/m-p/1845513#M492151 <HTML><HEAD></HEAD><BODY><P>Hello Tony,</P><P></P><P>Of course, it will be better because the processing that the ASA is going to use to determine witch rule to match would be decremented, also it would take less space on the configuration file (memory). those are some of the pros regarding creating groups for particular rules.</P><P>Sometimes a huge configuration file can increment the CPU usage,etc,etc. so it is better to keep it as small and organized as possible.</P><P></P><P>Please rate helpful posts.</P><P></P><P>Regards,</P><P></P><P>Julio</P></BODY></HTML> Tue, 29 Nov 2011 21:51:42 GMT Julio Carvajal 2011-11-29T21:51:42Z https://community.cisco.com/t5/network-security/asdm-multiple-network-objects-vs-group-for-rules/m-p/1845512#M492149 <P>I was just curious if there are any performance benefits of using multiple network objects on multiple rules vs consolidating them into fewer rules by grouping them?&nbsp; </P><P></P><P>For example, I have about 10 lines of NAT exempt rules from the same source to multiple destinations.&nbsp; Is there anything to be gained if I consolidated those into a single rule using an object group for the multiple destinations aside from cleaning up the clutter in ASDM?</P><P></P><P>Thanks</P> Mon, 11 Mar 2019 21:57:02 GMT https://community.cisco.com/t5/network-security/asdm-multiple-network-objects-vs-group-for-rules/m-p/1845512#M492149 Tony Kan 2019-03-11T21:57:02Z https://community.cisco.com/t5/network-security/asdm-multiple-network-objects-vs-group-for-rules/m-p/1845513#M492151 <HTML><HEAD></HEAD><BODY><P>Hello Tony,</P><P></P><P>Of course, it will be better because the processing that the ASA is going to use to determine witch rule to match would be decremented, also it would take less space on the configuration file (memory). those are some of the pros regarding creating groups for particular rules.</P><P>Sometimes a huge configuration file can increment the CPU usage,etc,etc. so it is better to keep it as small and organized as possible.</P><P></P><P>Please rate helpful posts.</P><P></P><P>Regards,</P><P></P><P>Julio</P></BODY></HTML> Tue, 29 Nov 2011 21:51:42 GMT https://community.cisco.com/t5/network-security/asdm-multiple-network-objects-vs-group-for-rules/m-p/1845513#M492151 Julio Carvajal 2011-11-29T21:51:42Z https://community.cisco.com/t5/network-security/asdm-multiple-network-objects-vs-group-for-rules/m-p/1845514#M492153 <HTML><HEAD></HEAD><BODY><P>Well using object group is easy for sure no performance benifit but easy to manage things also less configuration is required . Consider it like if you need to same ACL -</P><P></P><P>Source is A </P><P></P><P>Destination B C D</P><P></P><P>Total 4 ACL right instead of doing that you can create two object groups Object A and B and you can add networks over there . When you will look at actual lines added would be 4.</P><P></P><P>so nothing but it makes job easy.</P><P></P><P>Thanks</P><P>Ajay</P></BODY></HTML> Tue, 29 Nov 2011 21:53:32 GMT https://community.cisco.com/t5/network-security/asdm-multiple-network-objects-vs-group-for-rules/m-p/1845514#M492153 ajay chauhan 2011-11-29T21:53:32Z