https://community.cisco.com/t5/network-security/pix-access-lists/m-p/311971#M555793 <HTML><HEAD></HEAD><BODY><P>Yes you should put the more busy ones in the beginning.</P><P></P><P>By the way there are two interesting features for access-list.</P><P></P><P>1.) Turbo access-list </P><P>TurboACL is a feature introduced with PIX Firewall version 6.2 that improves the average search time for access control lists containing a large number of entries. The TurboACL feature causes the PIX Firewall to compile tables for ACLs and this improves searching of long ACLs.</P><P></P><P>[no] access-list compiled</P><P>[no] access-list <ID> compiled</ID></P><P></P><P>See: <A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb721.html#wp1034390" target="_blank">http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb721.html#wp1034390</A></P><P></P><P></P><P>2.) You can add access-list with a <LINE> statement, see eample:</LINE></P><P></P><P>[no] access-list <ID> [line <LINE-NUM>] deny|permit ...</LINE-NUM></ID></P><P></P><P>sincerely</P><P>Patrick</P><P></P><P></P></BODY></HTML> Wed, 27 Oct 2004 15:16:44 GMT Patrick Iseli 2004-10-27T15:16:44Z https://community.cisco.com/t5/network-security/pix-access-lists/m-p/311970#M555790 <P>I finally got around to changing my conduits to access list entries. Should I adjust the order of the access list entries, keeping the busy entries first in line? My assumption is that the access list group is queried in order, similar to an IOS driven device. Thanks for the input.</P> Fri, 21 Feb 2020 07:42:30 GMT https://community.cisco.com/t5/network-security/pix-access-lists/m-p/311970#M555790 jeff.carr 2020-02-21T07:42:30Z https://community.cisco.com/t5/network-security/pix-access-lists/m-p/311971#M555793 <HTML><HEAD></HEAD><BODY><P>Yes you should put the more busy ones in the beginning.</P><P></P><P>By the way there are two interesting features for access-list.</P><P></P><P>1.) Turbo access-list </P><P>TurboACL is a feature introduced with PIX Firewall version 6.2 that improves the average search time for access control lists containing a large number of entries. The TurboACL feature causes the PIX Firewall to compile tables for ACLs and this improves searching of long ACLs.</P><P></P><P>[no] access-list compiled</P><P>[no] access-list <ID> compiled</ID></P><P></P><P>See: <A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb721.html#wp1034390" target="_blank">http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb721.html#wp1034390</A></P><P></P><P></P><P>2.) You can add access-list with a <LINE> statement, see eample:</LINE></P><P></P><P>[no] access-list <ID> [line <LINE-NUM>] deny|permit ...</LINE-NUM></ID></P><P></P><P>sincerely</P><P>Patrick</P><P></P><P></P></BODY></HTML> Wed, 27 Oct 2004 15:16:44 GMT https://community.cisco.com/t5/network-security/pix-access-lists/m-p/311971#M555793 Patrick Iseli 2004-10-27T15:16:44Z https://community.cisco.com/t5/network-security/pix-access-lists/m-p/311972#M555798 <HTML><HEAD></HEAD><BODY><P>Excellent.</P><P>Thanks for the response, and for the info on 'TurboACL' and 'add ACL with line num'. Will come in handy.</P><P></P><P>Jeff</P></BODY></HTML> Wed, 27 Oct 2004 15:43:39 GMT https://community.cisco.com/t5/network-security/pix-access-lists/m-p/311972#M555798 jeff.carr 2004-10-27T15:43:39Z