11-13-2009 05:55 PM - edited 03-09-2019 10:42 PM
Team, I have a rather large access-list in one of my firewalls and was wondering if anyone has any rules of thumb to go by when building complex access lists. I currently use object groups, but what is a good rule for ACLs with servers, users and different needs for access?
11-16-2009 06:38 AM
We use object-groups as well. We typically create an object for source servers (if more than 1), the ports (if more than 1 or 2) and another group for destination server(s). We have a very restrictive security policy, so each rule must be specific. I think it makes it hard to see what the ACLs really do, but it shortens the config.
Hope that helps.
11-16-2009 03:57 PM
We try to do something very similar, but over time a lot of one-offs have crept into the ACLs.
Thanks for the reply
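Two problems come up in the replies above: object-groups make it hard to see what an ACL really permits, and one-off ACEs that bypass the group scheme creep in over time. The script below is an added example (it is not from this thread or from Cisco) that addresses both by expanding an ASA-style ACL into flat source/destination/port rules and listing permit ACEs that reference no object-group. The config it parses is constructed for the example, and the parser handles only the subset of ASA syntax shown there: `network-object host`/network-mask members, `port-object eq`/`range`, nested `group-object`, and `access-list ... extended` ACEs with `host`, `any`, network/mask or `object-group` endpoints. `object` network objects, source-port specs and trailing options such as `log` are not modelled; the helper names are mine.

```python
"""
Expand Cisco ASA object-group ACLs into flat rules and flag one-off ACEs.

Added example, not code from the forum thread. The config below is
constructed for illustration; only the ASA syntax subset it uses is parsed.
"""
from itertools import product

SAMPLE_CONFIG = """\
object-group network WEB_SERVERS
 network-object host 10.1.1.10
 network-object host 10.1.1.11
object-group network DB_SERVERS
 network-object 10.2.2.0 255.255.255.0
object-group service WEB_PORTS tcp
 port-object eq 80
 port-object eq 443
access-list INSIDE_IN extended permit tcp object-group WEB_SERVERS object-group DB_SERVERS object-group WEB_PORTS
access-list INSIDE_IN extended permit tcp host 10.1.1.50 host 10.2.2.5 eq 1433
access-list INSIDE_IN extended deny ip any any
"""


def parse_config(text):
    """Return (groups, aces): group name -> member strings, and ACE token lists."""
    groups, aces, current = {}, [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not line.startswith(" "):          # top-level statement
            current = None
            t = line.split()
            if t[0] == "object-group":
                current = t[2]                # "object-group <type> <NAME> [proto]"
                groups[current] = []
            elif t[0] == "access-list" and "extended" in t:
                aces.append(t)
            continue
        if current is None:
            continue
        t = line.split()
        if t[0] in ("network-object", "port-object", "group-object"):
            groups[current].append(" ".join(t))
    return groups, aces


def _resolve(groups, name, seen=()):
    """Flatten a group (recursing into nested group-object members)."""
    if name in seen:
        raise ValueError(f"cyclic group-object reference at {name}")
    out = []
    for member in groups[name]:
        t = member.split()
        if t[0] == "group-object":
            out.extend(_resolve(groups, t[1], seen + (name,)))
        elif t[1] == "host":
            out.append(t[2] + "/32")
        elif t[1] == "eq":
            out.append(t[2])
        elif t[1] == "range":
            out.append(t[2] + "-" + t[3])
        else:                                 # "network-object <net> <mask>"
            out.append(t[1] + " " + t[2])
    return out


def _take_addr(tokens, i, groups):
    """Consume one source/destination spec; return (addresses, next index)."""
    tok = tokens[i]
    if tok == "any":
        return ["any"], i + 1
    if tok == "host":
        return [tokens[i + 1] + "/32"], i + 2
    if tok == "object-group":
        return _resolve(groups, tokens[i + 1]), i + 2
    return [tok + " " + tokens[i + 1]], i + 2    # "<net> <mask>"


def _take_port(tokens, i, groups):
    """Consume an optional destination port spec; 'any' if absent."""
    if i >= len(tokens):
        return ["any"], i
    tok = tokens[i]
    if tok == "eq":
        return [tokens[i + 1]], i + 2
    if tok == "range":
        return [tokens[i + 1] + "-" + tokens[i + 2]], i + 3
    if tok == "object-group":
        return _resolve(groups, tokens[i + 1]), i + 2
    return ["any"], i


def expand_acl(text):
    """Return every effective (acl, action, proto, src, dst, port) rule."""
    groups, aces = parse_config(text)
    rules = []
    for t in aces:                            # access-list NAME extended ACTION PROTO ...
        acl, action, proto = t[1], t[3], t[4]
        srcs, i = _take_addr(t, 5, groups)
        dsts, i = _take_addr(t, i, groups)
        ports, _ = _take_port(t, i, groups)
        rules.extend((acl, action, proto, s, d, p)
                     for s, d, p in product(srcs, dsts, ports))
    return rules


def find_one_offs(text):
    """Permit ACEs that name hosts/networks directly instead of an object-group."""
    _, aces = parse_config(text)
    return [" ".join(t) for t in aces if t[3] == "permit" and "object-group" not in t]


if __name__ == "__main__":
    for rule in expand_acl(SAMPLE_CONFIG):
        print(*rule)
    print("one-offs:", *find_one_offs(SAMPLE_CONFIG), sep="\n  ")
```

Run it against a `show running-config` dump saved to a file (after swapping `SAMPLE_CONFIG` for the file contents) and the flat listing answers "what does this ACL actually permit"; the one-off list is the candidate set for folding back into the existing groups, or for questioning whether the access is still needed.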