cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
603
Views
0
Helpful
2
Replies

ACL on CSM

harinirina
Level 1
Level 1

Hi all,

We use CSM for configuring firewall rules and NAT.

Is it possible to use ACL created from ACL objects when assigning ACL used for NAT and firewall rules?

if no, is there a way to change ACL name used for NAT and firewall rules?

2 Replies 2

vmoopeung
Level 5
Level 5

In most cases, the names of imported ACLs are discarded (not preserved) at deploy because Firewall MC takes ownership after importing the ACLs on a device. Ownership in Firewall MC means that whichever entity creates a rule or object can discard that rule or object after it is no longer useful.

Firewall MC discards the preexisting names of imported ACLs in most cases so that it can rename each such ACL in a predictable and standard way. The naming pattern that Firewall MC applies to imported ACLs follows a kind of logical taxonomy with at least four parts, as follows:

ACL_MDC__.

The only scenario in which Firewall MC retains the name of an imported ACL is when, at deploy, the only required change to the ACL structure is that one or more ACEs are appended at the end

Hi,

Thanks for your reply.

About CSM license, it's said on CSM user guide that when Firewalls are redundant, it is considered as one device.

We have configured 2 context (one active, one failover), but CSM consumes 2 licenses.

is there anything to do so that they are considered as one device?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: