Cisco Support Community

Tips to Simplify Access Control Rules

When writing an Access Control rule, you want to keep it simple.  Here are some tips for simplifying an Access Control rule:

  • Use CIDR blocks rather than individual IP addresses whenever possible.
  • Use port ranges rather than individual ports whenever possible.
  • Use security zones whenever possible.
  • Do not overspecify rules. Examples of overspecifying:
    • Having many individual IP addresses
    • Using a large list of URLs
    • Having unnecessary rules that could be combined into one with broader criteria.

Important: When creating an Access Control policy, keep in mind that one Access Control rule may generate multiple expanded Access Control rules.
