NeWGuy1109
Beginner

Object Creation in ASA

I am using AlgoSec FireFlow for policy deployment on ASA firewalls. AlgoSec requires grouping of multiple IPs/services into a single object.

For example: source 1.1.1.1, 2.2.2.2; destination 3.3.3.3, 4.4.4.4, 5.5.5.5; service: https, ssh, http

I normally do not club the IPs into a group name, but AlgoSec groups the source as gr-src-reqid, the destination as gr-dst-reqid and the service as gr-srv-reqid, thus creating individual objects for src, dest and service respectively. Therefore, in each deployment request multiple objects will be created. Can this many object creations adversely affect the firewalls? Is it a best practice to do so?

Any help is appreciated.

1 REPLY
Rob Ingram
VIP Mentor

Hi @NeWGuy1109 

If you are going to use object groups, you can use the command "object-group-search access-control". This optimises ACLs, preventing object group expansion, which reduces memory utilization with minimal additional CPU overhead.

Recommended in the following Cisco Live presentation.

https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2020/pdf/DGTL-BRKSEC-3020.pdf
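
To put a number on the object group expansion the reply refers to, the following added example (not part of the thread or of any Cisco or AlgoSec tooling) counts how many entries each ACL line becomes when its object groups are expanded into every source/destination/service combination. The config fragment is constructed from the question's example values; the request id `1001` and the ACL name `OUTSIDE_IN` are assumptions.

```python
import re
from math import prod

# Constructed ASA config from the post's example values; request id 1001 and ACL name OUTSIDE_IN are assumed.
SAMPLE_CONFIG = """\
object-group network gr-src-1001
 network-object host 1.1.1.1
 network-object host 2.2.2.2
object-group network gr-dst-1001
 network-object host 3.3.3.3
 network-object host 4.4.4.4
 network-object host 5.5.5.5
object-group service gr-srv-1001 tcp
 port-object eq https
 port-object eq ssh
 port-object eq www
access-list OUTSIDE_IN extended permit tcp object-group gr-src-1001 object-group gr-dst-1001 object-group gr-srv-1001
access-list OUTSIDE_IN extended permit tcp host 1.1.1.1 host 3.3.3.3 eq https
"""

def parse_groups(config):
    """Map each object-group name to its member lines (split into words)."""
    groups, current = {}, None
    for line in config.splitlines():
        header = re.match(r"object-group \S+ (\S+)", line)
        if header:
            current = groups.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.split())
        else:
            current = None  # any other top-level line ends the group
    return groups

def group_size(name, groups):
    """Count leaf members, following nested group-object references."""
    return sum(group_size(m[1], groups) if m[0] == "group-object" else 1
               for m in groups[name] if m[0] != "description")

def expanded_ace_counts(config):
    """Return (ACL line, ACE count once its object groups are expanded)."""
    groups = parse_groups(config)
    return [(line, prod(group_size(g, groups)
                        for g in re.findall(r"object-group (\S+)", line)))
            for line in config.splitlines()
            if line.startswith("access-list ")]

if __name__ == "__main__":
    for line, count in expanded_ace_counts(SAMPLE_CONFIG):
        print(f"{count:>4}  {line}")
```

For the request in the question, the single grouped line expands to 2 x 3 x 3 = 18 entries, while the line without groups stays at 1.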