
Firewall Object Naming Convention

Mike Keenan
Level 1

Is there a standard (best practices) way of naming objects, object-groups, services objects and service object-groups in ASA firewalls? For example:
If you had IP addresses that pertain to a particular set of application servers that included 10.1.1.1 (somecompany01.net) and 10.1.1.5 (somecompany02.net) within one parent object-group, what would you name that parent object-group? I am trying to come up with a standard that includes different fields that convey meaning. For example: XXX-XXX-XXXXXX would be three fields of information, with the first being an acronym for physical location such as "CWY" for Conway, the next being an acronym for an operating system such as "WDS" for Windows, and the final one being the name of the application (there might be a few more fields for primary, secondary, test, dev, etc.). If there is not a standard, does anyone out there reading this have a good way of doing it that works for them?

Accepted Solutions

Kanwaljeet Singh
Cisco Employee

Hi Michael,

There is no standard practice; it depends entirely upon your preference. For example, maybe you can use CAPS or IPs or something specific to your network, device, etc., so that it gives you an idea. I think it really boils down to individual preference and also depends upon the size and complexity of the network. From one doc:

It doesn't matter what convention you use, but it should be

  • consistent
  • descriptive
  • simple and easy to type
  • distinct, so that you need not check the name of an interface/object-group every time; you just type a presumed name and it should match
  • try to avoid redundant information

Regards,

Kanwal

Note: Please mark answers if they are helpful.
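
Added example (not part of the original thread and not Cisco's code): a small Python check that applies the question's three-field scheme to the `object` and `object-group` definition lines of an ASA configuration and reports names that break it. The field lengths, the optional role suffix, the case-collision check and the sample configuration are assumptions made for illustration.

```python
import re

# Field layout proposed in the question: LOC-OS-APP, e.g. CWY-WDS-PAYROL.
# Field lengths follow the question's XXX-XXX-XXXXXX sketch; the optional
# trailing role field is an assumption standing in for "test, dev, etc.".
NAME_RE = re.compile(r"^[A-Z]{3}-[A-Z]{3}-[A-Z0-9]{1,6}(-(PRI|SEC|TEST|DEV))?$")

# ASA definition lines: object / object-group, network / service, then the name.
DEF_RE = re.compile(r"^(object(?:-group)?)\s+(network|service)\s+(\S+)")

def lint_names(config_text):
    """Return (line_no, name, problem) tuples for names that break the convention."""
    findings = []
    seen = {}  # lower-cased name -> first spelling seen
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        m = DEF_RE.match(line)
        if not m:
            continue  # indented sub-commands and unrelated lines are skipped
        name = m.group(3)
        if not NAME_RE.match(name):
            findings.append((line_no, name, "does not match LOC-OS-APP[-ROLE]"))
        # "Distinct": two names that differ only by case are easy to mistype.
        first = seen.setdefault(name.lower(), name)
        if first != name:
            findings.append((line_no, name, f"differs only by case from {first}"))
    return findings

# Constructed sample configuration (not from a real device).
SAMPLE = """\
object-group network CWY-WDS-PAYROL
 network-object host 10.1.1.1
 network-object host 10.1.1.5
object network webserver1
 host 10.1.1.9
object-group service CWY-LNX-WEB-TEST tcp
 port-object eq 443
object-group network cwy-wds-payrol
 network-object host 10.1.1.7
"""

if __name__ == "__main__":
    for line_no, name, problem in lint_names(SAMPLE):
        print(f"line {line_no}: {name}: {problem}")
```

Running such a check before a change is pushed keeps the rule base searchable by name, which is what makes a later audit of who can reach what practical.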
