Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
658
Views
0
Helpful
1
Replies

Difference between grouped object network hosts and object-network

tclausen1
Level 1
Level 1

‎01-18-2022 06:15 PM

Hello World,

I have to add 1800+ IPs to block on ASA 5516x and I was wondering if there is a fundamental difference between creating each 'object network <name>' and adding them to a group, vs creating the 'object-network Blacklist' group and then adding each host in the sub-menu context with 'network-object w.x.y.z mask'. Is there less overhead the second way?  In testing I only see the network object listed once under the group object in the running config as opposed to the first way, where I see the object itself listed, then again under the group.

 

Thank You

-t

0 Helpful
1 Reply 1

balaji.bandi
Hall of Fame
Hall of Fame

‎01-19-2022 03:00 AM

If they are individual host, that is the only Option you have to add each host to Object Group.  if you add network other device in the network get blocked. so personally i only see that option.

 

From my notes difference between host and network.

 

- object just contains a single type of object, whether it's network object (single IP address or subnet), or service object (tcp port(s), protocol, udp port(s)).

- object group contains a group of objects, so you can combine all the same type of objects into a group, eg: a single IP, subnets, different subnets, different IP into one network object-group.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card