Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
413
Views
5
Helpful
3
Replies

ASA 5516 network group limit

beconnect
Level 1
Level 1

‎09-02-2022 08:46 AM

Hi All

On ASA 5516 with 6.2.3.6 is there any limit on creating network object or network groups and assigning them to security policies?

We need to add, to an existing block rule,  more than 950 IP addresses ( as hosts) and then assign them to a policy

 

Can it be done somehow with a script?

Hope you can help 


Regards

 

0 Helpful
3 Replies 3

Alan Inman
Level 1
Level 1

‎09-02-2022 10:05 AM

See if this post in the Cisco forums helps. When you open the link scroll down to the highlighted post. I'm looking at another source as well

Rob Ingram
VIP
VIP

‎09-02-2022 12:07 PM

@beconnect if you have the threat license you can create a Security Intelligence Network List of IP addresses to block, which would be a text file of the IP address you just upload - this would be the quickest option.

https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/security_intelligence_blacklisting.html

6.2.3.6 is very old, I'd recommend upgrade, the 5516 supports up to version 7.0.x

0 Helpful

beconnect
Level 1
Level 1
In response to Rob Ingram

‎02-08-2023 01:53 PM

Hi Rob

We really need to add more than 2000 IP to block.

We already purchase threat license. So we are going to upgrade to 7.0

Is the update smooth to 7.0 ? any concerns?

Thanks for the help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card