Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
450
Views
1
Helpful
3
Replies

Best ACL for internet facing port

Go to solution
CiscoPurpleBelt
Level 6
Level 6

‎08-24-2017 01:43 PM - edited ‎02-21-2020 06:14 AM

What is the best way to create an ACL to be used on an internet facing edge port to keep the logs down when packets are denied from devices not permitted according to the ACL? Is there anyway to hide the public IP from the internet?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni

‎08-24-2017 02:14 PM

Don't use the "log" keyword for "deny" entries, and you wont get logging entries.

View solution in original post

3 Replies 3

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni

‎08-24-2017 02:14 PM

Don't use the "log" keyword for "deny" entries, and you wont get logging entries.

Go to solution
CiscoPurpleBelt
Level 6
Level 6
In response to Philip D'Ath

‎08-25-2017 04:20 AM

Thanks. I know some people keep adding suspect/bad IPs to a deny statement in a ACL which then gets to be very long. I want to keep track of what is going on but yes the log will get pounded.
0 Helpful

Go to solution
CiscoPurpleBelt
Level 6
Level 6
In response to Philip D'Ath

‎08-25-2017 07:20 AM

Thanks. I know some people keep adding suspect/bad IPs to a deny statement in a ACL which then gets to be very long. I want to keep track of what is going on but yes the log will get pounded.

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card