Hello FWSM experts,
An FWSM v4.1 blade is operating with 15 IP interfaces, each one with its own specific access list.
The security managers say that maintaining a single ACL instead of 15 would represent a significant improvement. For that reason, they suggest:
1) Merging the rules of every specific ACL into a single one. By my calculations, the merged ACL would be 90,000 rules in size (close to the limit of 100,000).
2) Applying the resulting merged ACL to every interface (even though each interface would therefore use no more than 10% of the ACL's rules).
I am unsure whether this approach is a good design principle in terms of both architecture and resource consumption, so I would really appreciate any advice before carrying on.
Kind regards.
Albert.
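The following is an added example, not part of Albert's post and not FWSM code. It models the design question in plain Python: per-interface ACLs are concatenated into one ACL, that merged ACL is bound to every interface, and the script lists which permit rules each interface would newly accept that its own ACL used to deny. The three interfaces, the addresses and the simplified ACE syntax (`<permit|deny> <proto> <src/len> <dst/len> [dport]`) are constructed sample data and an assumed simplification of real FWSM ACEs (no object-groups, port ranges or ICMP types); first-match evaluation with a trailing implicit deny is kept, as on the FWSM.

```python
"""Model the effect of merging per-interface ACLs into one ACL bound everywhere.

Constructed example. Rule syntax is a simplified stand-in for FWSM ACEs:
    <permit|deny> <tcp|udp|ip> <src/len> <dst/len> [dport]
Evaluation is first-match with an implicit deny at the end of every ACL.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    proto: str                       # "tcp", "udp" or "ip" (any protocol)
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]             # None means any destination port


@dataclass(frozen=True)
class Flow:
    proto: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: Optional[int]


def parse_rule(line: str) -> Rule:
    """Parse one simplified ACE line into a Rule."""
    parts = line.split()
    action, proto, src, dst = parts[:4]
    dport = int(parts[4]) if len(parts) > 4 else None
    return Rule(action, proto, ipaddress.ip_network(src), ipaddress.ip_network(dst), dport)


def matches(rule: Rule, flow: Flow) -> bool:
    if rule.proto != "ip" and rule.proto != flow.proto:
        return False
    if flow.src not in rule.src or flow.dst not in rule.dst:
        return False
    return rule.dport is None or rule.dport == flow.dport


def decide(acl: List[Rule], flow: Flow) -> str:
    """First-match lookup; the implicit deny applies when nothing matches."""
    for rule in acl:
        if matches(rule, flow):
            return rule.action
    return "deny"


def probe_for(rule: Rule) -> Flow:
    """A representative flow that hits the rule (first address of each prefix)."""
    proto = "tcp" if rule.proto == "ip" else rule.proto
    return Flow(proto, rule.src[0], rule.dst[0], rule.dport)


def merge(per_interface: Dict[str, List[Rule]]) -> List[Rule]:
    """Concatenate the per-interface ACLs in dictionary order (assumed merge order)."""
    return [rule for acl in per_interface.values() for rule in acl]


def widened_permits(per_interface: Dict[str, List[Rule]],
                    merged: List[Rule]) -> Dict[str, List[Rule]]:
    """For each interface, the permit rules the merged ACL would honour there
    although the interface's own ACL denies the same flow. These are the rules
    whose scope was previously enforced by the interface binding alone."""
    result: Dict[str, List[Rule]] = {}
    for ifname, own in per_interface.items():
        extra = []
        for rule in merged:
            if rule.action != "permit":
                continue
            flow = probe_for(rule)
            if decide(own, flow) == "deny" and decide(merged, flow) == "permit":
                extra.append(rule)
        result[ifname] = extra
    return result


# Constructed sample: three interfaces, each with its own small ACL.
PER_INTERFACE_LINES = {
    "dmz":   ["permit tcp 10.1.0.0/16 10.9.0.0/24 443"],
    "users": ["permit tcp 10.2.0.0/16 10.9.0.0/24 443",
              "permit tcp 10.2.0.0/16 10.9.0.0/24 22"],
    "guest": ["permit tcp 10.3.0.0/16 0.0.0.0/0 80"],
}
ACLS = {name: [parse_rule(l) for l in lines] for name, lines in PER_INTERFACE_LINES.items()}
MERGED = merge(ACLS)


if __name__ == "__main__":
    widened = widened_permits(ACLS, MERGED)
    for ifname, own in ACLS.items():
        print(f"{ifname}: own ACL {len(own)} rules, merged ACL {len(MERGED)} rules, "
              f"{len(widened[ifname])} permit rule(s) newly reachable from this interface")
        for rule in widened[ifname]:
            print(f"    {rule.action} {rule.proto} {rule.src} -> {rule.dst} port {rule.dport}")
```

What the output makes visible: once a single ACL is bound to all 15 interfaces, a rule written for the users interface is evaluated on the DMZ interface too, so a DMZ host that sources packets from the users' prefix matches it. The per-interface binding used to enforce that scope for free; after the merge it rests entirely on anti-spoofing (reverse-path checks) and on every rule carrying a tight source prefix. The merge order also matters, because a deny in one interface's ACL can now shadow a later permit from another interface's ACL, or vice versa, which the per-interface design never had to consider.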