Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

firewall rules

Hi all, I was told that creating service group with all in it can cause heavy cpu load on the firewall, I was told instead to create a packet filter? is this correct?

cheers

1 REPLY

Re: firewall rules

Carl,

I think it would generally depend on the platform, processor & amount of memory.

Best practise is to create groups for specific rules, containing subnets, hosts, services, protocols etc on a per rule basis.

This aids better troubleshooting for a rule base perspective and logs, with the ACL's.

HTH.

107
Views
0
Helpful
1
Replies