11-13-2009 05:55 PM - edited 03-09-2019 10:42 PM
Team, I have a rather large access-list in one of my firewalls and was wondering if anyone has any rules of thumb to go by when building complex access lists. I currently use object groups, but what is a good rule for ACLs with servers, users and different needs for access?
11-16-2009 06:38 AM
We use object-groups as well. We typically create an object for source servers (if more than 1), the ports (if more than 1 or 2) and another group for destination server(s). We have a very restrictive security policy so each rule must be specific. I think it makes it hard to see what the ACLs really do, but it shortens the config.
Hope that helps.
11-16-2009 03:57 PM
We try to do something very similar, but over time a lot of one-offs have crept into the ACLs.
Thanks for the reply.
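As an added illustration of the source/ports/destination grouping described in the second reply (constructed example, not configuration posted in this thread; host addresses, names and the ACL name are assumed), here is what a handful of accumulated one-off ACEs look like on a Cisco ASA beside the same policy expressed with object-groups:

```cisco
! --- Before: one-offs accumulated over time (constructed) ---
access-list OUTSIDE_IN extended permit tcp any host 10.1.1.10 eq 80
access-list OUTSIDE_IN extended permit tcp any host 10.1.1.10 eq 443
access-list OUTSIDE_IN extended permit tcp any host 10.1.1.11 eq 80
access-list OUTSIDE_IN extended permit tcp any host 10.1.1.11 eq 443
access-list OUTSIDE_IN extended permit tcp host 10.2.2.20 host 10.1.1.30 eq 1433
access-list OUTSIDE_IN extended permit tcp host 10.2.2.21 host 10.1.1.30 eq 1433

! --- After: one group each for sources, ports and destinations ---
! Destination servers for the public web tier
object-group network DST-WEB-SERVERS
 description Public web front ends
 network-object host 10.1.1.10
 network-object host 10.1.1.11

! Only the two ports the web tier actually listens on
object-group service SVC-WEB tcp
 port-object eq 80
 port-object eq 443

! Application servers allowed to reach the database
object-group network SRC-APP-SERVERS
 description App tier hosts permitted to the DB
 network-object host 10.2.2.20
 network-object host 10.2.2.21

object-group network DST-DB-SERVER
 network-object host 10.1.1.30

object-group service SVC-MSSQL tcp
 port-object eq 1433

! Each rule stays specific (source, destination and ports all bounded),
! but six ACEs collapse into two lines that read as policy.
access-list OUTSIDE_IN extended permit tcp any object-group DST-WEB-SERVERS object-group SVC-WEB
access-list OUTSIDE_IN extended permit tcp object-group SRC-APP-SERVERS object-group DST-DB-SERVER object-group SVC-MSSQL
```

To address the "hard to see what the ACLs really do" point, `show access-list OUTSIDE_IN` prints the expanded per-host ACEs with hit counts, so you can confirm the groups produce exactly the original six entries and spot group members that never match.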