Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1185
Views
1
Helpful
1
Replies

ASA "no object-group-search access-control"

johnlloyd_13
Level 9
Level 9

‎11-08-2023 05:54 PM

hi,

i have a FPR 3100 with ASA version 9.18 and notice this "new" command line "no object-group-search access-control".

saw this in a cisco doc but doesn't make too much sense.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/firewall/asa-firewall-cli/access-rules.html

can someone explain in simple terms what this is, what it does and if i should leave it at the default (with the 'no')?

 

Additional Guidelines and Limitations

  • You can reduce the memory required to search access rules by enabling object group search, but this is at the expense rule lookup performance. When enabled, object group search does not expand network objects, but instead searches access rules for matches based on those group definitions. You can set this option using the object-group-search access-control command.

no object-group-search access-control
object network <NETWORK-NAME>
host <IP>

 

0 Helpful
1 Reply 1

MHM Cisco World
VIP
VIP

‎11-08-2023 08:17 PM

this command is not new, 
it used to reduce CPU overhead.
check ciscolive silde below 

Screenshot (66).png

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card