Dynamic Update of Network Object Groups between ASAs

Answered Question

Hello,

Is anyone familiar with network object group synchronization between two ASAs that are separate (not a failover pair)? I understand that this might be possible with a script, but what I want to do is to have the changes to one network object group replicate to the similarly named network object group between two remote ASAs. The remote ASAs have internet failover via BGP and the public IPs are the same.

Suggestions?

Thank you,

-Ben

Correct Answer by Panos Kampanakis about 6 years 2 months ago

Hi

Of course there is the manual or script option that you mentioned.

There is also the option of the "write net" command to pull the config from a central site.

There is also the AUS server option, where changes are pushed to the ASAs together from a central AUS server.

I hope it helps.

PK

Correct Answer
Panos Kampanakis Mon, 09/20/2010 - 11:47


Panos Kampanakis Tue, 09/21/2010 - 08:13

It is not very common to use write net or AUS. There are people that use AUS, but not too many percentage-wise.

If you are using CSM you can also use a shared policy so the ACL can be used on more than one device.

PK
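The script option mentioned in this thread, as an added example that is not part of the original posts and not Cisco tooling: it compares one `object-group network` block between two saved ASA configurations and produces the CLI lines that bring the target in line with the source. The group name, addresses and function names are constructed for illustration; fetching the configs and pushing the result to the device are left to whatever change process is in place.

```python
import re

# Constructed sample configs (documentation address ranges), not from the thread
SOURCE_CFG = """
object-group network PARTNER-NETS
 description partner ranges
 network-object host 192.0.2.10
 network-object 198.51.100.0 255.255.255.0
 network-object host 203.0.113.7
!
"""
TARGET_CFG = """
object-group network PARTNER-NETS
 network-object host 192.0.2.10
 network-object host 192.0.2.55
!
"""

def parse_object_groups(config_text):
    """Return {group_name: [member entries]} for 'object-group network' blocks."""
    groups, current = {}, None
    for line in config_text.splitlines():
        m = re.match(r"object-group network (\S+)\s*$", line)
        if m:
            current = groups.setdefault(m.group(1), [])
        elif current is not None and line.startswith(" "):
            entry = " ".join(line.split())
            # Only membership lines are synced; description lines are left alone
            if entry.startswith(("network-object ", "group-object ")):
                current.append(entry)
        else:
            current = None  # any unindented line ends the block
    return groups

def sync_commands(source_cfg, target_cfg, group):
    """CLI lines that make `group` on the target match the source."""
    src = parse_object_groups(source_cfg).get(group)
    if src is None:
        raise KeyError(f"{group} is not defined on the source")
    dst = parse_object_groups(target_cfg).get(group, [])
    adds = [e for e in src if e not in dst]
    removes = [e for e in dst if e not in src]
    if not adds and not removes:
        return []  # already in sync, nothing to push
    # Adds go first so the group is never left empty part-way through
    return ([f"object-group network {group}"]
            + [f" {e}" for e in adds] + [f" no {e}" for e in removes])

if __name__ == "__main__":
    print("\n".join(sync_commands(SOURCE_CFG, TARGET_CFG, "PARTNER-NETS")))
```

Reviewing the generated lines before they are applied keeps an unexpected removal on one ASA from silently changing the access rules that reference the group.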
