
Tips to Simplify Access Control Rules

Document

Mon, 07/21/2014 - 09:37

When writing an Access Control rule, you want to keep it simple.  Here are some tips for simplifying an Access Control rule:

  • Use CIDR blocks rather than individual IP addresses whenever possible.
  • Use port ranges rather than individual ports whenever possible.
  • Use security zones whenever possible.
  • Do not overspecify rules. Examples of overspecification in Access Control rules:
    • Having many individual IP addresses
    • Using a large list of URLs
    • Having unnecessary rules that could be combined into one with broader criteria

 

Important: When creating an Access Control policy, keep in mind that one Access Control rule may generate multiple expanded Access Control rules.
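
As an added illustration (not part of the original Cisco document), the Python sketch below collapses individual addresses and ports into CIDR blocks and port ranges and compares the rule count before and after. The addresses, ports and the cross-product expansion model are assumptions made for the example; the merge is exact, so the simplified rule matches no address or port that the original did not list.

```python
import ipaddress


def collapse_hosts(addresses):
    """Merge addresses into the fewest CIDR blocks that cover exactly the same set."""
    nets = [ipaddress.ip_network(a, strict=False) for a in addresses]
    out = []
    for version in (4, 6):  # collapse_addresses() rejects mixed IPv4/IPv6 input
        same = [n for n in nets if n.version == version]
        out += [str(n) for n in ipaddress.collapse_addresses(same)]
    return out


def collapse_ports(ports):
    """Merge individual ports into contiguous ranges, e.g. 8080..8083 -> '8080-8083'."""
    ranges = []
    for p in sorted(set(ports)):
        if ranges and p == ranges[-1][1] + 1:
            ranges[-1][1] = p          # extends the current run
        else:
            ranges.append([p, p])      # starts a new run
    return [str(lo) if lo == hi else f"{lo}-{hi}" for lo, hi in ranges]


def expanded_count(sources, destinations, ports):
    """Assumed simplified model: one expanded rule per source x destination x port entry."""
    return len(sources) * len(destinations) * len(ports)


# Constructed sample rule (not taken from any real policy).
SRC = [f"10.1.20.{i}" for i in range(16)]      # 16 contiguous hosts
DST = ["192.0.2.10", "192.0.2.11"]
PORTS = [8080, 8081, 8082, 8083, 443]


def summarize():
    """Return (count before, count after, collapsed sources, destinations, ports)."""
    before = expanded_count(SRC, DST, PORTS)
    src, dst, ports = collapse_hosts(SRC), collapse_hosts(DST), collapse_ports(PORTS)
    return before, expanded_count(src, dst, ports), src, dst, ports


if __name__ == "__main__":
    before, after, src, dst, ports = summarize()
    print(f"expanded entries before: {before}, after: {after}")
    print("sources:", src, "destinations:", dst, "ports:", ports)
```

Non-contiguous entries are left as separate blocks or ports rather than widened, so the count drops only where the original list was already a full block or range.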
