Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
236
Views
0
Helpful
2
Replies

PIX Access Lists

jeff.carr
Level 1
Level 1

‎10-27-2004 08:09 AM - edited ‎02-20-2020 11:42 PM

I finally got around to changing my conduits to access list entries. Should I adjust the order of the access list entries, keeping the busy entries first in line? My assumption is that the access list group is queried in order, similar to an IOS driven device. Thanks for the input.

0 Helpful
2 Replies 2

Patrick Iseli
Level 7
Level 7

‎10-27-2004 08:16 AM

Yes you should put the more busy ones in the beginning.

By the way there are two interesting features for access-list.

1.) Turbo access-list

TurboACL is a feature introduced with PIX Firewall version 6.2 that improves the average search time for access control lists containing a large number of entries. The TurboACL feature causes the PIX Firewall to compile tables for ACLs and this improves searching of long ACLs.

[no] access-list compiled

[no] access-list compiled

See: http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb721.html#wp1034390

2.) You can add access-list with a statement, see eample:

[no] access-list [line ] deny|permit ...

sincerely

Patrick

0 Helpful

jeff.carr
Level 1
Level 1
In response to Patrick Iseli

‎10-27-2004 08:43 AM

Excellent.

Thanks for the response, and for the info on 'TurboACL' and 'add ACL with line num'. Will come in handy.

Jeff

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card