Unanswered Question
Jan 8th, 2009

Hi all,

We use CSM for configuring firewall rules and NAT.

Is it possible to use an ACL created from ACL objects when assigning the ACL used for NAT and firewall rules?

If not, is there a way to change the ACL name used for NAT and firewall rules?

vmoopeung Fri, 01/16/2009 - 13:11

In most cases, the names of imported ACLs are discarded (not preserved) at deploy because Firewall MC takes ownership after importing the ACLs on a device. Ownership in Firewall MC means that whichever entity creates a rule or object can discard that rule or object after it is no longer useful.

Firewall MC discards the preexisting names of imported ACLs in most cases so that it can rename each such ACL in a predictable and standard way. The naming pattern that Firewall MC applies to imported ACLs follows a kind of logical taxonomy with at least four parts, as follows:


The only scenario in which Firewall MC retains the name of an imported ACL is when, at deploy, the only required change to the ACL structure is that one or more ACEs are appended at the end

harinirina Fri, 01/23/2009 - 14:05


Thanks for your reply.

About the CSM license: the CSM user guide says that when firewalls are redundant, they are considered as one device.

We have configured 2 contexts (one active, one failover), but CSM consumes 2 licenses.

Is there anything we can do so that they are considered as one device?

