Solved: Re: Exclude one IP or Port from Object Group on Access List

aliabuklam · ‎11-02-2017

Hey guys,

I have a simple question. I do have an object-group with 4 IP's in it, and on access list I'm allowing these IP's (object-group) to access 4 different servers.

On one server I need access from only 2 of the 4 IP's. Is there a way on access-list to exclude 2 IP's or something like that. I know I can just add an access-list specifically for these IP's, I was just wondering if there is an easier way.

Thanks

Flavio Miranda · ‎11-02-2017

Agree. If you need them in a different rule, is better split the object group so that you avoid permit unnecessary traffic to host.

-If I helped you somehow, please, rate it as useful.-

View solution in original post

Flavio Miranda · ‎11-02-2017

Hi @aliabuklam

You should edit your object group and rip off those hosts you don't need anymore.

object-group network object-group-name

no host {host-address | host-name}

-If I helped you somehow, please, rate it as useful.-

aliabuklam · ‎11-02-2017

Thanks for your response Flavio.

I still need this all the hosts for other servers though. I guess I will just create a new object-group and use it specifically for this that one server.

Thank you.

Flavio Miranda · ‎11-02-2017

Agree. If you need them in a different rule, is better split the object group so that you avoid permit unnecessary traffic to host.

-If I helped you somehow, please, rate it as useful.-

aliabuklam · ‎11-02-2017

Thank you