Tips to Simplify Access Control Rules


When writing an Access Control rule, you want to keep it simple.  Here are some tips for simplifying an Access Control rule:

  • Use CIDR blocks rather than individual IP addresses whenever possible.
  • Use port ranges rather than individual ports whenever possible.
  • Use security zones whenever possible.
  • Do not overspecify rules. Examples of overspecified Access Control rules:
    • Having many individual IP addresses
    • Using a large list of URLs
    • Having unnecessary rules that could be combined into one with broader criteria.

 

Important: When creating an Access Control policy, keep in mind that one Access Control rule may generate multiple expanded Access Control rules.
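The CIDR and port-range tips, together with the expansion note, worked through as an added example that is not part of the original post. The rule layout, the sample addresses and the source x destination x port expansion model are assumptions for illustration, not documented product behaviour.

```python
import ipaddress

def collapse_hosts(addresses):
    """Merge individual IPs/networks into the fewest CIDR blocks that cover
    exactly the same addresses (nothing extra is permitted by the merge)."""
    nets = [ipaddress.ip_network(a, strict=False) for a in addresses]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def collapse_ports(ports):
    """Merge individual ports into contiguous ranges, e.g. 8080..8083 -> '8080-8083'."""
    ranges = []
    for p in sorted(set(ports)):
        if ranges and p == ranges[-1][1] + 1:
            ranges[-1][1] = p          # extend the current range
        else:
            ranges.append([p, p])      # start a new range
    return [str(lo) if lo == hi else f"{lo}-{hi}" for lo, hi in ranges]

def expanded_count(rule):
    """Assumed model: one expanded entry per source x destination x port."""
    return len(rule["sources"]) * len(rule["destinations"]) * len(rule["ports"])

def simplify(rule):
    """Return an equivalent rule written with CIDR blocks and port ranges."""
    return {
        "sources": collapse_hosts(rule["sources"]),
        "destinations": collapse_hosts(rule["destinations"]),
        "ports": collapse_ports(rule["ports"]),
    }

# Constructed sample rule: 16 host sources, 2 host destinations, 5 single ports.
SAMPLE_RULE = {
    "sources": [f"10.1.20.{i}" for i in range(16)],
    "destinations": ["192.0.2.10", "192.0.2.11"],
    "ports": [8080, 8081, 8082, 8083, 443],
}

if __name__ == "__main__":
    simple = simplify(SAMPLE_RULE)
    print("before:", expanded_count(SAMPLE_RULE), "expanded entries")
    print("after: ", expanded_count(simple), "expanded entries")
    print(simple)
```

Because the merge only produces blocks that cover exactly the listed addresses, the simplified rule matches the same traffic as the original; hosts that do not fill a block stay as separate /32 entries.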

Comments
Beginner

Hello,

 

I have noticed many Port Objects with the same value. They are assigned to different ACL lines. Can those be simplified or should each line have its own port object even if it is for the same port?