My beloved old PIX died a year ago and, after running a Linux firewall in the meantime, I bought an ASA5505 recently.
Now, with my Linux firewall I did two things besides the "normal" firewalling:
First: I blocked Palestine, China and Korea via automated scripts which pull and update the rules every 24h.
Second: I blocked access to SIP ports according to a list of sources for SIP fraud attempts which I maintain myself.
Is there any easy way to pull those lists to my ASA, e.g. via TFTP? Or would my script have to log in to the ASA and issue a ton of access-list commands? What's the performance impact of pushing 5000+ rules to a 5505?
I think you can copy the ACL lines via TFTP by copying the configuration to the running configuration; it will merge the configuration with the already existing changes.
I would recommend using Object Groups for easier management.
There is no hardcoded limit for the number of ACEs/ACLs on the ASA device, but the recommended limit is around 25K.
Thanks and Regards,
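To illustrate the object-group approach suggested in the answer, here is an added example (not from the original thread or from Cisco) that turns a pulled CIDR list into a config fragment to merge into the running configuration over TFTP. The group name SIP_FRAUD_SOURCES, the ACL name OUTSIDE_IN, the interface name "outside" and the sample addresses are assumptions; the important caveat it handles is that a merge only adds lines, so entries that dropped off the list must be removed with explicit `no` commands.

```python
import ipaddress

# Constructed sample input: the list pulled last time and the list pulled now.
PREVIOUS_LIST = ["203.0.113.0/24", "198.51.100.7/32"]
CURRENT_LIST = ["203.0.113.0/24", "192.0.2.128/25", "198.51.100.9"]


def network_object(cidr):
    """Render one CIDR as an ASA network-object line (host form for a /32)."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.prefixlen == 32:
        return f"network-object host {net.network_address}"
    return f"network-object {net.network_address} {net.netmask}"


def render_config(previous, current, group="SIP_FRAUD_SOURCES", acl="OUTSIDE_IN"):
    """Build a fragment that, merged into running-config, brings the object
    group to exactly `current`.  `copy tftp: running-config` never deletes
    anything, so stale members get a `no` line; new members get an add line.
    The ACL and access-group lines are emitted only on the first push
    (empty `previous`) so the deny ACEs are not re-added on every update."""
    prev = {str(ipaddress.ip_network(c)) for c in previous}
    cur = {str(ipaddress.ip_network(c)) for c in current}
    lines = [f"object-group network {group}"]
    lines += [" no " + network_object(c) for c in sorted(prev - cur)]
    lines += [" " + network_object(c) for c in sorted(cur - prev)]
    if not prev:
        # 'line 1' places the deny ahead of any permit already in the ACL.
        for proto in ("udp", "tcp"):
            lines.append(f"access-list {acl} line 1 extended deny {proto} "
                         f"object-group {group} any eq 5060")
        lines.append(f"access-group {acl} in interface outside")
    return lines


def write_fragment(path, previous, current):
    """Write the fragment to a file served by TFTP; on the ASA the merge is:
    copy tftp://<tftp-server>/<file> running-config   (placeholders)"""
    lines = render_config(previous, current)
    with open(path, "w") as fh:
        fh.write("\n".join(lines) + "\n")
    return len(lines)


if __name__ == "__main__":
    print("\n".join(render_config(PREVIOUS_LIST, CURRENT_LIST)))
```

Keeping the previous list on disk between runs is what makes the `no` lines possible; a single object-group with thousands of members is far cheaper to maintain than thousands of individual ACEs.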