Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2726
Views
0
Helpful
2
Replies

ACL optimization

ahmedraees
Level 1
Level 1

‎03-17-2010 06:11 AM - edited ‎03-11-2019 10:22 AM

I have 14000 ACEs under one ACL. Actually I want to  block whole of the world except North America and Mexico. Any idea how to optimize this list . Any tool

Labels:
0 Helpful
2 Replies 2

Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎03-17-2010 09:21 AM

Hi,

If you just want to permit some ranges and deny everything else, the recommendation is to specify what you want to permit and by default everything else will be denied.

If this is an ASA, you can use Object-Groups to group networks and in this way reduce dramatically the list.

Federico.

0 Helpful

KARUPPUCHAMY MALAIYANDI
Level 4
Level 4
In response to Federico Coto Fajardo

‎03-17-2010 09:27 AM

Hi,

If you are using FWSM then you can use ACL optimization future. It will analyse and will give the report of zero hit count ACLs.

You can remove those ACLs.

Else, you have to enable logging and you have to find the zero hit-count and remove those zero hit count ACLs

Regards

Karuppu

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card