Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
324
Views
0
Helpful
2
Replies

Best strategy for large scale rule base modifications

peter-net
Level 1
Level 1

‎02-25-2008 07:15 AM - edited ‎03-11-2019 05:08 AM

I am going to be doing a very significant number of config changes to a production Pix 525. This includes removing entire access lists, some objects, shutting down some unused interfaces, adding some new object groups, removing some access list entries in rules etc. Essentially - is a major spring clean. Im debating whether to just totally erase the existing config and tftp the new one straight in - or edit the current one bit by bit to get it how I want it. My instinct is just to erase - and load new config. This feels the cleaneset least risky option (obviously I will back up configs). The Pix can have some downtime as is part of a failover pair. So - what is the intelligence here -? do the mods via one clean hit - or carefully modify the exisiting config "piecemeal fashion"?

By the way the current config is 20 pages long. My mods reduce this to 12. Thanks in adavance

Labels:
0 Helpful
2 Replies 2

didyap
Level 6
Level 6

‎02-29-2008 12:41 PM

The better option would be to erase the entire configuration and then copy the new one at one go. This will take only a small amount of time but will save a lot of effort that would be required for troubleshooting if the step by step process does not goes smooth.

0 Helpful

onlyabhishek007
Level 1
Level 1

‎03-07-2008 12:27 AM

first u go to plan a new configuration which u need to implement on the firewall then copy your current configuration on the notepad and edit that as u need and taking downtime . erase the cong and copy new configuration from notepad to pix

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card