09-19-2002 10:44 AM - edited 02-20-2020 10:15 PM
Does anyone know if Cisco has a recommendation for the number of rules/access list lines per firewall? I know within Check Point, there is a recommendation for no more than 50 rules per firewall within the Security Policy Rule Base. Looking for an answer for an audit question.
09-19-2002 06:33 PM
With PIX 6.2 and compiled access lists, multi-thousand-line lists were tested and worked fine. The real limit is the available memory to compile the list; you need a minimum of 2M free to compile.
09-25-2002 07:21 PM
I'm running 900+ on PIX525 with no problems at all (other than managing the cotton pickin things ;-0 ).
CPU is nothing, 2-5% tops, with approximately 2000+ connections.
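For the audit question raised above, an added example that is not part of this thread: a small Python helper that counts access-list entries per ACL name in a saved PIX-style configuration and flags any list above a chosen threshold (the 50-rule figure cited in the question is one such threshold). The configuration lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed PIX-style configuration excerpt (not taken from the thread).
SAMPLE_CONFIG = """\
access-list outside_in permit tcp any host 192.0.2.10 eq 80
access-list outside_in permit tcp any host 192.0.2.10 eq 443
access-list outside_in deny ip any any
access-list dmz_out permit tcp host 192.0.2.20 any eq 25
access-list dmz_out remark mail relay only
access-group outside_in in interface outside
"""

# Matches "access-list <name> permit|deny|remark ..." lines; other lines are ignored.
ACL_LINE = re.compile(r"^\s*access-list\s+(\S+)\s+(permit|deny|remark)\b", re.IGNORECASE)


def count_acl_entries(config_text, include_remarks=False):
    """Return {acl_name: entry_count} for every access-list in the config text.

    Remark lines are documentation, not rules, so they are skipped unless asked for.
    """
    counts = Counter()
    for line in config_text.splitlines():
        m = ACL_LINE.match(line)
        if not m:
            continue
        name, action = m.group(1), m.group(2).lower()
        if action == "remark" and not include_remarks:
            continue
        counts[name] += 1
    return dict(counts)


def flag_large_acls(config_text, threshold=50):
    """Audit helper: names of ACLs whose rule count exceeds the given threshold."""
    return sorted(name for name, n in count_acl_entries(config_text).items() if n > threshold)


if __name__ == "__main__":
    for name, n in sorted(count_acl_entries(SAMPLE_CONFIG).items()):
        print(f"{name}: {n} entries")
    print("over threshold:", flag_large_acls(SAMPLE_CONFIG, threshold=2))
```

Run it against `show running-config` output saved to a file to get a per-ACL rule count for the audit; the threshold is a policy choice, not a platform limit.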