Best practices regarding Service Groups in Cisco ASA

Good day,

I wonder if there is any best practice guideline regarding the use of TCP/UDP Service Groups, instead of several one-port access-rules.

For example, if you have several subnets that need to talk to some domain controllers in one subnet, for AD-traffic - it quickly becomes a lot of access-rules if you use one rule per port. On the other side, you can easily see which rules have hits, and which have no hits - and might be removed.

I'm thinking of creating a Service Group for all AD-traffic, so I only need one rule for each interface for this traffic.

Any downsides to doing this? Does the use of Service Groups impact performance?

Thanks.

1 REPLY 1
Cisco Employee

Please check the link below for the best practices guide:

http://www.cisco.com/c/en/us/about/security-center/firewall-best-practices.html
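
The single-rule approach asked about in the question, sketched as ASA configuration. This is an added example, not part of the original thread or of the linked Cisco guide; the group names, ACL name, interface name and addresses (documentation ranges) are constructed, and the port list is the commonly documented set for Active Directory traffic, to be trimmed to what the environment actually uses.

```cisco
! Constructed example: names and addresses are placeholders.
! One service group holding the AD/domain-controller ports.
object-group service AD-SERVICES
 description Ports clients need towards domain controllers
 service-object tcp-udp destination eq 53
 service-object tcp-udp destination eq 88
 service-object udp destination eq 123
 service-object tcp destination eq 135
 service-object tcp-udp destination eq 389
 service-object tcp destination eq 445
 service-object tcp-udp destination eq 464
 service-object tcp destination eq 636
 service-object tcp destination range 3268 3269
 ! Dynamic RPC range: very wide, so keep the destination group
 ! restricted to the domain controllers only.
 service-object tcp destination range 49152 65535
!
! Destination: the domain controllers (placeholder hosts).
object-group network DOMAIN-CONTROLLERS
 network-object host 192.0.2.10
 network-object host 192.0.2.11
!
! Source: the client subnets behind this interface (placeholders).
object-group network AD-CLIENTS-INSIDE
 network-object 198.51.100.0 255.255.255.128
 network-object 198.51.100.128 255.255.255.128
!
! One rule per interface instead of one rule per port.
access-list INSIDE_IN extended permit object-group AD-SERVICES object-group AD-CLIENTS-INSIDE object-group DOMAIN-CONTROLLERS
access-group INSIDE_IN in interface inside
!
! To review usage per port after deployment:
!   show access-list INSIDE_IN
! The output lists the grouped rule followed by its expanded
! entries, each with its own hitcnt value.
```

Because `show access-list` prints the expanded entries with individual hit counters, ports in the group that never receive hits can still be identified and removed from `AD-SERVICES`.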
