We have a parallel NFS cluster with about 60 data serving interfaces with IPs. Some hosts in networks protected by our ASA5580 need to access the filesystems on this cluster. For things to work properly we need a few of the sunrpc-server fixup statements.
Typically the syntax would look similar to:
sunrpc-server inside STORAGE2.inside 255.255.255.255 service 100099 protocol TCP port 111 ....
Ideally I'd like to describe a group of hosts and apply the fixup to the group:
sunrpc-server inside object-group GRP-STORAGE7 service 100099 protocol TCP port 111 ....
But the sunrpc-server command does not accept object-groups as an argument.
Adding all the sunrpc statements per host will add over 300 lines to the firewall config. Is there a better method to do this which will allow us to summarize?
Thanks for your time,
Unfortunately, as you noted, there is no easy way to summarize this since object-groups aren't supported. The sunrpc-server command does accept a subnet, though, so on the off chance your hosts are sequentially addressed you can use the subnet address and mask to help limit the number of lines you need to configure.
Hope that helps.
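The subnet approach from the answer above can be scripted so that the summarized entries cover exactly the storage addresses and nothing else. This is an added example, not part of the original thread: the addresses are constructed samples from a documentation range, the function names are hypothetical, and the trailing "...." is the elided remainder of the command as it appears in the question, kept as-is.

```python
import ipaddress

# Constructed sample: 16 sequential interfaces, one adjacent pair, one stray host.
SAMPLE_HOSTS = [f"192.0.2.{n}" for n in range(16, 32)] + [
    "192.0.2.40", "192.0.2.41", "192.0.2.77",
]


def summarize(hosts):
    """Collapse host addresses into the fewest CIDR blocks that contain
    only those hosts. Blocks must be bit-aligned, so a sequential run
    that straddles a boundary (e.g. .15 and .16) does not merge."""
    nets = [ipaddress.ip_network(h) for h in set(hosts)]
    return list(ipaddress.collapse_addresses(nets))


def extra_addresses(hosts):
    """Count addresses covered by the summary that were not in the input.
    Anything above 0 would apply the fixup to non-storage hosts."""
    covered = sum(n.num_addresses for n in summarize(hosts))
    return covered - len(set(hosts))


def sunrpc_lines(hosts, interface="inside", service="100099",
                 protocol="TCP", port="111", tail="...."):
    """Render one sunrpc-server line per summarized block, in the form
    shown in the question. `tail` stands in for the part of the command
    the question elides; supply the real remainder for your config."""
    return [
        f"sunrpc-server {interface} {n.network_address} {n.netmask} "
        f"service {service} protocol {protocol} port {port} {tail}"
        for n in summarize(hosts)
    ]


if __name__ == "__main__":
    for line in sunrpc_lines(SAMPLE_HOSTS):
        print(line)
    print("addresses covered beyond the input:", extra_addresses(SAMPLE_HOSTS))
```

Because only exact, aligned blocks are merged, the line count drops only as far as the addressing plan allows; widening a mask by hand to save lines would extend the fixup to addresses outside the cluster.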