Cisco Support Community

Method of firewall policy segregation using a Microsoft Excel sheet for host- and subnet-based firewall rules ("1234 Rule")

Firewalls in general use access-list tables for packet flow control. Managing and optimizing firewall rules is a critical part of firewall operation. Once in a production system, while we do policy fine-tuning, we want to segregate host-based and subnet-based policies. This segregation is required in order to see whether any duplicity of policy exists, or whether the traffic flow permitted/denied is as per the designed data flow or not. Most commonly we export all the rules into an Excel spreadsheet and do some data analysis on the values, like clubbing, filtering or cut-copy-paste of rules. One of the tasks involves segregating host-to-host, host-to-subnet, subnet-to-host and subnet-to-subnet policies. This paper gives a mathematical method to calculate the desired result.
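The four-way split described in the post can be done outside Excel once the rules are exported as CSV. The following is an added example, not the poster's method or any Cisco tool: it assumes the categories are numbered in the order the post lists them (1 = host-to-host, 2 = host-to-subnet, 3 = subnet-to-host, 4 = subnet-to-subnet), accepts CIDR, bare-address and "address mask" notation, and also flags exact duplicate rules, which is the other check the post mentions. The CSV rows are constructed sample data.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample export (not from the page): one firewall rule per row.
SAMPLE_CSV = """name,source,destination,service,action
r1,10.1.1.5/32,10.2.0.0/24,tcp/443,permit
r2,10.1.0.0/16,10.2.2.9,tcp/22,permit
r3,192.168.1.10 255.255.255.255,192.168.2.20 255.255.255.255,tcp/3389,permit
r4,10.1.0.0/16,10.3.0.0/24,any,deny
r5,10.1.1.5,10.2.0.0 255.255.255.0,tcp/443,permit
"""

# Assumed numbering of the "1234 Rule": (source is host, destination is host) -> category.
CATEGORY = {(True, True): 1, (True, False): 2, (False, True): 3, (False, False): 4}
LABEL = {1: "host-to-host", 2: "host-to-subnet", 3: "subnet-to-host", 4: "subnet-to-subnet"}


def to_network(text):
    """Normalize 'a.b.c.d', 'a.b.c.d/nn' or 'a.b.c.d m.m.m.m' into an ip_network object."""
    text = text.strip()
    if " " in text:  # "address mask" notation, as seen in ASA-style exports
        addr, mask = text.split()
        return ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    return ipaddress.ip_network(text, strict=False)  # a bare address becomes a /32


def is_host(net):
    return net.num_addresses == 1


def classify(rule):
    """Return the 1-4 category of one rule row from the exported sheet."""
    src, dst = to_network(rule["source"]), to_network(rule["destination"])
    return CATEGORY[(is_host(src), is_host(dst))]


def segregate(csv_text):
    """Bucket rule names by category and list (src, dst, service, action) keys that repeat."""
    buckets = {c: [] for c in LABEL}
    seen = Counter()
    for r in csv.DictReader(io.StringIO(csv_text)):
        buckets[classify(r)].append(r["name"])
        key = (str(to_network(r["source"])), str(to_network(r["destination"])),
               r["service"], r["action"])
        seen[key] += 1  # identical normalized tuples mean a duplicated rule
    duplicates = [k for k, n in seen.items() if n > 1]
    return buckets, duplicates
```

Different notations for the same address (r1 and r5) normalize to one key, so duplicates hidden by formatting differences in the sheet are still caught.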


Where is the paper?