Modifying PIX Object-Groups
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-13-2003 01:12 PM - edited 02-20-2020 10:44 PM
Once an Object-Group is defined and used in an access-list can the Object-Group be modified without removing the access-list from the interface?
Sample:
object-group network OutsideWebServers
network-object host 10.10.10.10
network-object host 10.10.10.11
"access-list Protect_Outside permit tcp any object-group OutsideWebServers eq www"
"access-group Protect_Outside in interface outside"
Can I then add another network-object host 10.10.10.12 to the OutsideWebServers group without removing the access-list from the Outside interface?
- Labels:
-
Other Network Security Topics
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-14-2003 08:57 AM
Absolutely. That's why object-groups are so cool. Just add, change, or subtract hosts from the object-group and your access-lists will be updated automatically.
