Team I have a rather large access-list in one of my firewalls and was wondering if anyone has any rules of thumbs to go by when building a complex access lists. I currently use object groups but what is a good rule for acls with servers, users and diffent needs for access?
We use object-groups as well. We typically create an object for source servers (if more than 1), the ports (if more than 1 or 2) and another group for destination server(s). We have a very restrictive security policy so each rule must be specific. I think it makes it hard to see what the ACL's really do, but it shortens the config.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...