I am using algosec fireflow for policy deployment in ASA firewalls.. algosec requires grouping of multiple IPs/Services into a single object..
for ex.. source 1.1.1.1, 2.2.2.2 destination 3.3.3.3 , 4.4.4.4 , 5.5.5.5 service : https , ssh , http
I normally do not club the IPs into a group name but algosec groups the source as gr-src-reqid ,destination as gr-dst-reqid and service as gr-srv-reqid.. thus creating individual objects for src,dest and service respectively.. therefore, in each deployment request multiple objects will be created.... can this many object creation adversely affect the firewalls ? Is it a best practice to do so ?
any help is appreciated