Firewall rulebase management

carl_townshend

Hi All

One of the companies I work for has 950 rules on the firewall. Would you consider this excessive?

The rules are a mix of application, and then rules allowed by site.

How best is it to manage a rulebase? Should we manage it by application, and then have all the source / destination nets and applications in a service group?

Or should we leave it to rules per site, etc.?

Your comments, please.

1 Reply

Vibhor Amrodia
Cisco Employee

Hi,

The best way to manage the ACL on the ASA device is to use the Object/Object-groups.

Also, you can separate rules in the configuration using the remarks on the ACL.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/A-H/cmdref1/a1.html#pgfId-1599158

Thanks and Regards,

Vibhor Amrodia
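
The object-group and remark approach from the reply above, as an added example that is not part of the original thread or Cisco's documentation: a Python sketch that collapses per-site permit entries for the same application into one object-group-based entry with a remark. It goes beyond the reply by automating the grouping; the ACL name `OUTSIDE_IN`, the addresses and the `SRC_...` naming scheme are constructed assumptions, and it refuses input containing `deny` entries because merging around them can change first-match behaviour.

```python
import re

# Constructed sample: per-site permits of the kind that inflate a rulebase.
FLAT_ACL = """\
access-list OUTSIDE_IN extended permit tcp 10.1.1.0 255.255.255.0 host 192.0.2.10 eq 443
access-list OUTSIDE_IN extended permit tcp 10.1.2.0 255.255.255.0 host 192.0.2.10 eq 443
access-list OUTSIDE_IN extended permit tcp 10.1.3.0 255.255.255.0 host 192.0.2.10 eq 443
access-list OUTSIDE_IN extended permit tcp 10.1.1.0 255.255.255.0 host 192.0.2.20 eq 25
"""

IP = r"\d+\.\d+\.\d+\.\d+"
ACE = re.compile(
    rf"^access-list (?P<acl>\S+) extended (?P<action>permit|deny) (?P<proto>tcp|udp) "
    rf"(?P<src>{IP} {IP}) host (?P<dst>{IP}) eq (?P<port>\S+)$"
)

def consolidate(config):
    """Merge permit ACEs that share ACL, protocol, destination host and port."""
    groups = {}  # insertion-ordered: key -> list of "network mask" sources
    for line in filter(None, map(str.strip, config.splitlines())):
        m = ACE.match(line)
        if m is None:
            raise ValueError(f"unsupported line, review by hand: {line}")
        if m["action"] == "deny":
            # ACLs are first-match; merging permits around a deny can change the result.
            raise ValueError(f"deny entry present, rule order matters: {line}")
        sources = groups.setdefault((m["acl"], m["proto"], m["dst"], m["port"]), [])
        if m["src"] not in sources:
            sources.append(m["src"])

    objects, aces = [], []
    for (acl, proto, dst, port), sources in groups.items():
        aces.append(f"access-list {acl} remark {proto}/{port} to {dst}, {len(sources)} source net(s)")
        if len(sources) == 1:
            src = sources[0]
        else:
            name = f"SRC_{dst}_{proto}_{port}"  # hypothetical naming scheme
            objects.append(f"object-group network {name}")
            objects += [f" network-object {s}" for s in sources]
            src = f"object-group {name}"
        aces.append(f"access-list {acl} extended permit {proto} {src} host {dst} eq {port}")
    return objects + aces  # object-groups must exist before an ACE references them

if __name__ == "__main__":
    print("\n".join(consolidate(FLAT_ACL)))
```

On the sample, four entries become two, and adding a new site to the application means adding one `network-object` line instead of another rule.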
