
Firewall rulebase management

Hi All

One of the companies I work for has 950 rules on the firewall, would you consider this excessive?

The rules are a mix of application, and then rules allowed by site.

How best is it to manage a rulebase, should we manage it by application, and then have all the source / destination nets, and applications in a service group?

Or should we leave it to rules per site etc?

Your comments please.

1 REPLY
Cisco Employee

Hi,

The best way to manage the ACL on the ASA device is to use the Object/Object-groups.

Also, you can separate rules in the configuration using the remarks on the ACL.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/A-H/cmdref1/a1.html#pgfId-1599158

Thanks and Regards,

Vibhor Amrodia
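
An added example, not part of the reply above and not Cisco's code: a short Python audit that splits an ASA ACL into sections by its `remark` lines and counts how many entries use object-groups versus inline addresses, which shows where a large rulebase can still be consolidated. The configuration fragment is constructed, and the names `INSIDE_IN`, `SITE_A_NETS`, `WEB_SERVERS`, `WEB_PORTS` and `audit_acl` are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample (not from the thread): a fragment of an ASA running-config.
SAMPLE_CONFIG = """\
object-group network SITE_A_NETS
 network-object 10.10.0.0 255.255.0.0
 network-object 10.11.0.0 255.255.0.0
object-group network WEB_SERVERS
 network-object host 192.0.2.10
 network-object host 192.0.2.11
object-group service WEB_PORTS tcp
 port-object eq www
 port-object eq https
access-list INSIDE_IN remark === Web application ===
access-list INSIDE_IN extended permit tcp object-group SITE_A_NETS object-group WEB_SERVERS object-group WEB_PORTS
access-list INSIDE_IN remark === Legacy per-site rules ===
access-list INSIDE_IN extended permit tcp 10.20.1.0 255.255.255.0 host 192.0.2.10 eq https
access-list INSIDE_IN extended permit tcp 10.20.2.0 255.255.255.0 host 192.0.2.10 eq https
"""

ACL_RE = re.compile(r"^access-list (\S+) (remark|extended) (.*)$")

def audit_acl(config):
    """Return {acl: {remark section: {"grouped": n, "inline": n}}}."""
    # Names of every object-group defined in the config (type is the first token).
    defined = set(re.findall(r"^object-group \S+ (\S+)", config, re.M))
    report = defaultdict(lambda: defaultdict(lambda: {"grouped": 0, "inline": 0}))
    section = {}  # most recent remark seen for each ACL
    for line in config.splitlines():
        m = ACL_RE.match(line)
        if not m:
            continue
        acl, kind, rest = m.groups()
        if kind == "remark":
            section[acl] = rest.strip("= ")
            continue
        refs = re.findall(r"object-group (\S+)", rest)
        missing = [r for r in refs if r not in defined]
        if missing:  # an entry that references a group the config never defines
            raise ValueError(f"{acl}: undefined object-group {missing}")
        key = "grouped" if refs else "inline"
        report[acl][section.get(acl, "(no remark)")][key] += 1
    return {a: dict(s) for a, s in report.items()}

if __name__ == "__main__":
    print(audit_acl(SAMPLE_CONFIG))
```

In the sample, the two legacy per-site entries differ only in source network, so they could become one entry by adding both networks to a network object-group.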
