03-17-2010 06:11 AM - edited 03-11-2019 10:22 AM
I have 14000 ACEs under one ACL. Actually I want to block whole of the world except North America and Mexico. Any idea how to optimize this list . Any tool
03-17-2010 09:21 AM
Hi,
If you just want to permit some ranges and deny everything else, the recommendation is to specify what you want to permit and by default everything else will be denied.
If this is an ASA, you can use Object-Groups to group networks and in this way reduce dramatically the list.
Federico.
03-17-2010 09:27 AM
Hi,
If you are using FWSM then you can use ACL optimization future. It will analyse and will give the report of zero hit count ACLs.
You can remove those ACLs.
Else, you have to enable logging and you have to find the zero hit-count and remove those zero hit count ACLs
Regards
Karuppu
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide