
Best strategy for large scale rule base modifications

I am going to be doing a very significant number of config changes to a production Pix 525. This includes removing entire access lists, some objects, shutting down some unused interfaces, adding some new object groups, removing some access list entries in rules etc. Essentially, it is a major spring clean. I'm debating whether to just totally erase the existing config and tftp the new one straight in, or edit the current one bit by bit to get it how I want it. My instinct is just to erase and load the new config. This feels the cleanest, least risky option (obviously I will back up configs). The Pix can have some downtime as it is part of a failover pair. So what is the intelligence here? Do the mods via one clean hit, or carefully modify the existing config in "piecemeal fashion"?

By the way, the current config is 20 pages long. My mods reduce this to 12. Thanks in advance.


Re: Best strategy for large scale rule base modifications

The better option would be to erase the entire configuration and then copy the new one in one go. This will take only a small amount of time but will save a lot of effort that would be required for troubleshooting if the step-by-step process does not go smoothly.


Re: Best strategy for large scale rule base modifications

First, plan the new configuration which you need to implement on the firewall, then copy your current configuration into Notepad and edit it as you need, and take downtime. Erase the config and copy the new configuration from Notepad to the Pix.
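A pre-load sanity check for the edited file, as an added example that is not from any poster in this thread: after removing access lists and object groups offline, it reports object groups referenced before they are defined, and `access-group` bindings that point at access lists no longer in the file. The sample config, its names and the `check_config` helper are constructed for illustration and assume standard PIX `object-group` / `access-list` / `access-group` syntax.

```python
# Constructed candidate config; every name and address here is hypothetical.
CANDIDATE = """\
object-group network WEB_SERVERS
 network-object host 192.0.2.10
object-group service WEB_PORTS tcp
 port-object eq 80
 port-object eq 443
access-list OUTSIDE_IN permit tcp any object-group WEB_SERVERS object-group WEB_PORTS
access-list OUTSIDE_IN permit tcp any object-group MAIL_SERVERS eq 25
access-list DMZ_IN permit ip any any
access-group OUTSIDE_IN in interface outside
access-group INSIDE_OUT in interface inside
"""


def check_config(text):
    """Find references that would break when the file is loaded top to bottom."""
    groups, acls, bound, undefined = set(), set(), set(), set()
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 2:
            continue
        if tok[0] == "object-group" and not line[0].isspace() and len(tok) >= 3:
            groups.add(tok[2])                 # object-group <type> <name>
        elif tok[0] == "group-object":         # nested group inside a group
            if tok[1] not in groups:
                undefined.add(tok[1])
        elif tok[0] == "access-list" and len(tok) >= 3:
            acls.add(tok[1])
            if tok[2] == "remark":             # free text, not a rule
                continue
            for kw, name in zip(tok[2:], tok[3:]):
                if kw == "object-group" and name not in groups:
                    undefined.add(name)
        elif tok[0] == "access-group":
            bound.add(tok[1])
    return {
        "undefined_groups": sorted(undefined),
        # Bound to an interface but removed from the file.
        "missing_acls": sorted(bound - acls),
        # Not bound by access-group; may still be used by nat or crypto map,
        # so treat this list as a prompt to review, not as an error.
        "unbound_acls": sorted(acls - bound),
    }


if __name__ == "__main__":
    for finding, names in check_config(CANDIDATE).items():
        print(finding, names)
```

Running this against the edited file before the maintenance window catches leftover references from the clean-up while the old config is still in service.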
