object and object group limits - context firewall
08-17-2017 04:15 PM - edited 03-12-2019 02:50 AM
Hi,
I have a Cisco 5585, software version 9.5(2)2, running in context mode.
Could someone please tell me the maximum number of objects I can have in a single context firewall, the maximum number of objects I can have in an object group in a single context firewall, and how many object groups I can have in each ACL?
Also, is it possible to block IP address ranges by geographical region versus IP host or CIDR block addresses?
Thank you.

08-17-2017 08:31 PM
Hi,
There is no limit for configuring objects in a single context ASA.
However, there is a limitation on the number of access-control elements on specific hardware.
There is no hard-coded limit on the number of elements (access control entries) in an ACL, which is bound only by memory. Each ACE uses a minimum of 212 bytes of RAM. However, maximum performance may decrease (typically by 10 to 15 percent) as you reach or exceed the recommended maximum number of ACEs.
Please check the link for ASA 5585 (section: "What is the maximum ACL limit on ASA?"):
https://www.cisco.com/c/en/us/products/collateral/security/adaptive-security-appliance-asa-software/qa_c67-731962.html
"Also, is it possible to block IP address ranges by geographical region versus ip host"
On ASA you can only use CIDR blocks to block IP addresses; only if you use the Sourcefire module on ASA would you be able to block by geographical region.
Regards,
Aditya
Please rate helpful and mark correct answers
