09-20-2016 12:30 PM - edited 03-12-2019 01:18 AM
I was wondering if someone would let me know what is currently considered best practice for ACLs on the ASA-5510? We want to add more rules to restrict access to the ASA and the LAN behind it. Would blacklisting or whitelisting be better?
The ASA-5510 has 256 MB of main memory and 1 GB of CF drive on it. It's running ASA825-59-K8 for software and couldn't be upgraded any further under current conditions. Since it is scheduled for replacement, we are reluctant to put more RAM in it.
Thanks in advance for any assistance you can give.
09-20-2016 07:09 PM
Hi,
Make sure you are on the latest software in the 8.2 train (due to memory). Also, check the links below:
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/200150-Cisco-Guide-to-Harden-Cisco-ASA-Firewall.html
http://www.cisco.com/c/en/us/about/security-center/firewall-best-practices.html
A few of the commands may not be supported on your ASA code.
hth
MS
09-21-2016 05:58 AM
Thanks for the information and the links. It'll be helpful when I get through all of it.
09-22-2016 05:44 AM
I find it's better to create objects using the IP address rather than a name, so you can find it more easily in the CLI. You can use the description to add the server name.
For example: 10.2.2.20 = WEBSVR001
object network OBJ_10.2.2.20
host 10.2.2.20
description WEBSVR001
Then if you ever search for the IP address you can find the object it's used in.
The object is used in ACLs, so you can also see the IP address rather than the name.
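Added example (not part of the post above or of any Cisco document): how that IP-based naming convention fits into a whitelist-style ruleset that also answers the original question about restricting access to the ASA itself. Interface names, addresses, server names and the object/ACL names are assumptions. One caveat for the original poster: `object network` / `host` syntax exists only from ASA 8.3 onward; on the 8.2 train the equivalent is `object-group network NAME` with `network-object host A.B.C.D`, and pre-8.3 interface ACLs match the translated (NAT) address rather than the real inside address.

```cisco
! Added example, not from the original post. Addresses, interface names and
! object names are assumptions. Requires ASA 8.3+ for "object network".

! Hosts named after their address; server name kept in the description so
! "show running-config | include 10.2.2.20" finds both the object and the ACL lines.
object network OBJ_10.2.2.20
 host 10.2.2.20
 description WEBSVR001
object network OBJ_10.2.2.21
 host 10.2.2.21
 description MAILSVR001

! Admin workstations allowed to manage the firewall (assumed subnet)
object network OBJ_10.2.10.0_24
 subnet 10.2.10.0 255.255.255.0
 description IT admin workstations

! Whitelist: permit only what the Internet must reach, deny everything else.
! Every ASA ACL already ends with an implicit "deny ip any any"; the explicit
! deny with "log" only makes the drops visible in syslog for review.
access-list OUTSIDE_IN extended permit tcp any object OBJ_10.2.2.20 eq 80
access-list OUTSIDE_IN extended permit tcp any object OBJ_10.2.2.20 eq 443
access-list OUTSIDE_IN extended permit tcp any object OBJ_10.2.2.21 eq 25
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside

! Management plane: SSH and ASDM only from the admin subnet on the inside
! interface, SSHv2 only, idle timeout, and no Telnet at all.
ssh 10.2.10.0 255.255.255.0 inside
ssh version 2
ssh timeout 10
http server enable
http 10.2.10.0 255.255.255.0 inside
clear configure telnet
```

After applying it, `show access-list OUTSIDE_IN` shows per-line hit counts, which is the quickest way to confirm the permit lines are actually matching and that the logged deny is catching only unwanted traffic; `show running-config | include 10.2.2.20` then lists every object and ACL line that references the host, which is the payoff of naming objects by address.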
09-22-2016 05:56 AM
Thanks for the information and suggestions.