Checkpoint to ASA Conversion (negate ability in Checkpoint)

Oct 12th, 2007

I am in the middle of a Checkpoint to ASA conversion and so far it's gone pretty well.


My current problem, though, is that Checkpoint allowed me to create an ACL in which I could specify that a group I created called RFC_1918_Group would not be allowed coming in my outside int, but everything else would be allowed.


Any way to do this in the ASA without creating a permit statement along with a deny statement?


Attached is what the rule looks like in Checkpoint.


Thanks in advance! This could cut down my rule base by a few lines.



kevin.jones1 Sat, 10/13/2007 - 08:24

There is NO RFC1918 in Checkpoint either. The user has to create that.

What he is asking will require two separate lines of groups to do the trick. The first line in the ACL should block RFC1918 addresses, while the second ACL line permits from Any.

Pix ACL is dumb; it is not as smart as Checkpoint policy.
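
The two-line approach from the reply above, as an added example that is not part of the original thread: a Python model of first-match ACL evaluation showing that deny-then-permit gives the same verdict as a single negated-source rule, and that reversing the order shadows the deny. The RFC 1918 ranges as group members, the ACL name `outside_in`, and all function names are assumptions.

```python
import ipaddress

# RFC 1918 private ranges: assumed members of the poster's RFC_1918_Group.
RFC_1918_GROUP = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ANY = [ipaddress.ip_network("0.0.0.0/0")]

# Entries are (action, source networks). Destination and service are left as
# "any" because the attached rule is not on the page; narrow them in practice.
TWO_LINE_ACL = [("deny", RFC_1918_GROUP), ("permit", ANY)]
WRONG_ORDER = [("permit", ANY), ("deny", RFC_1918_GROUP)]

def negated_rule(src):
    """One rule with a negated source cell: NOT RFC_1918_Group -> accept.
    Assumes no later rule accepts the traffic, so a non-match ends in a drop."""
    ip = ipaddress.ip_address(src)
    return "deny" if any(ip in net for net in RFC_1918_GROUP) else "permit"

def first_match(acl, src):
    """Top-down ACL evaluation: first matching entry wins, implicit deny last."""
    ip = ipaddress.ip_address(src)
    for action, nets in acl:
        if any(ip in net for net in nets):
            return action
    return "deny"

def asa_lines(acl_name="outside_in", group="RFC_1918_Group"):
    """Render the object group and the two ACL entries as ASA configuration."""
    lines = [f"object-group network {group}"]
    lines += [f" network-object {net.network_address} {net.netmask}"
              for net in RFC_1918_GROUP]
    lines += [f"access-list {acl_name} extended deny ip object-group {group} any",
              f"access-list {acl_name} extended permit ip any any"]
    return lines

# Constructed sample sources, including both edges of 172.16.0.0/12.
SAMPLES = ["10.1.2.3", "172.16.0.1", "172.31.255.254", "172.32.0.1",
           "192.168.1.1", "198.51.100.7"]

if __name__ == "__main__":
    print("\n".join(asa_lines()))
    for src in SAMPLES:
        print(src, negated_rule(src), first_match(TWO_LINE_ACL, src),
              first_match(WRONG_ORDER, src))
```
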



campbech1 Mon, 10/15/2007 - 04:57

Thank you, Kevin. That is what I thought, but I was hoping the ASA was smarter than that.


Two ACLs it is then.


Thanks again.
