Is using the Object-Group will reduce the processing effort ?

Unanswered Question
Feb 2nd, 2010
User Badges:

Is using the Object-Group will reduce the processing effort ?


and is there any documents for ACL design consedieriation ?


Thanks a lot in advance.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Tue, 02/02/2010 - 08:55
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

fadi4alpha wrote:


Is using the Object-Group will reduce the processing effort ?


and is there any documents for ACL design consedieriation ?


Thanks a lot in advance.


Using object-groups does not reduce the processing effort because the firewall still has to expand the object-group into it's individual line entries. It's more a way of organising the config from an admin perspective.


ACL design, not really documents but the key thing is to put the entries that are hit the most at the top as the acl entries are processed top down, one at a time.


Jon

Actions

This Discussion