05-04-2006 06:14 AM - edited 02-20-2020 09:36 PM
Hi
I'm looking to use the following object-groups and access-list. Could someone please verify that my config is ok!
Here's the config:
object-group network dmz2_web_servers
description Trusted Windows WebServers
network-object host xxx.xxx.xxx.74
network-object host xxx.xxx.xxx.75
network-object host xxx.xxx.xxx.76
network-object host xxx.xxx.xxx.77
exit
object-group network dmz2_sql_servers
description Trusted SQL Servers
Trusted Windows SQL Servers
network-object host xxx.xxx.xxx.78
exit
object-group network TrustedHosts
group-object dmz2_web_servers
group-object dmz2_sql_servers
Trusted Services:
object-group service Internal_VNC tcp
description VNC server ports
port-object eq 5900
port-object eq 5800
object-group service External_Web tcp
description Web server ports permitted from internet
port-object eq 80
port-object eq 443
object-group service Internal_dns_ntp udp
description DNS and NTP
port-object eq domain
port-object eq ntp
object-group service Internal_mssqlserver tcp
description : list of TCP ports that the MSSQLSERVER service requires
port-object eq 1433
object-group service ms_mssqlserver_udp udp
description : list of UDP ports that the MSSQLSERVER service requires
port-object eq 1434
access-list ex_web remark Web Servers accept http and https connections from Internet.
access-list ex_web permit tcp any object-group dmz2_web_servers object-group External_Web
Thanks in advance for any help
Dan
05-04-2006 08:08 AM
Looks ok to me.
05-04-2006 05:03 PM
OK to me too !!!
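Added example, not part of any post in this thread: a small Python check that reads object-group and access-list lines in the syntax posted above, flags ACL references to undefined groups or to service groups of the wrong protocol, and counts the ACEs each ACL line expands to. The function names `parse`, `expand` and `check` are illustrative, and the embedded sample is a constructed subset of the posted config with the masked addresses kept as posted.

```python
# Constructed sample: a subset of the config posted above (addresses masked as posted).
CONFIG = """\
object-group network dmz2_web_servers
network-object host xxx.xxx.xxx.74
network-object host xxx.xxx.xxx.75
network-object host xxx.xxx.xxx.76
network-object host xxx.xxx.xxx.77
object-group network dmz2_sql_servers
network-object host xxx.xxx.xxx.78
object-group network TrustedHosts
group-object dmz2_web_servers
group-object dmz2_sql_servers
object-group service External_Web tcp
port-object eq 80
port-object eq 443
access-list ex_web remark Web Servers accept http and https connections from Internet.
access-list ex_web permit tcp any object-group dmz2_web_servers object-group External_Web
"""

def parse(config):
    groups, acl, cur = {}, [], None
    for tok in filter(None, (line.split() for line in config.splitlines())):
        if tok[0] == "object-group" and len(tok) >= 3:
            # service groups carry a protocol (tcp/udp); network groups do not
            cur = groups[tok[2]] = {"proto": (tok + [None])[3], "items": []}
        elif tok[0] == "access-list" and "remark" not in tok[:3]:
            acl.append(tok)
        elif cur is not None and tok[0].endswith("-object"):
            cur["items"].append((tok[0], tok[-1]))
    return groups, acl

def expand(groups, name):  # flatten a group, following nested group-object lines
    return [v for kind, value in groups[name]["items"]
            for v in (expand(groups, value) if kind == "group-object" else [value])]

def check(config):  # -> (problems, number of ACEs the ACL lines expand to)
    groups, acl = parse(config)
    problems, aces = [], 0
    for tok in acl:
        proto, n = tok[next(i for i, t in enumerate(tok) if t in ("permit", "deny")) + 1], 1
        for ref in (tok[i + 1] for i, t in enumerate(tok[:-1]) if t == "object-group"):
            if ref not in groups:
                problems.append(f"{tok[1]}: undefined object-group {ref}")
            elif groups[ref]["proto"] not in (None, proto):
                problems.append(f"{tok[1]}: {ref} is a {groups[ref]['proto']} group, ACL line is {proto}")
            else:
                n *= len(expand(groups, ref))
        aces += n
    return problems, aces
```

On the sample, `check(CONFIG)` reports no problems and 8 ACEs (4 web server hosts times 2 ports), which is the exposure the single `ex_web` permit line actually opens.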