Trivia

Started by icecream-guy, August 22, 2017, 11:48:53 AM


icecream-guy

When did Cisco ASA drop support for port-objects in service object-groups?
I see it in 9.1.7 but not in 9.6.3
:professorcat:

My Moral Fibers have been cut.

deanwebb

Looks like within the last two years, still searching for exact ASA ver that deprecated port-object.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

Dieselboy

May be the same reason they removed the snmp oid object to monitor the route table  :twitch:

I checked this out on the 9.7(1)8 code I'm running, and I can add service object groups in service policy rules. I'm also using service object groups in ACLs. I can also add service object groups within service object groups. 

I don't think I am thinking of the right config? Can you explain some more so I can check it out?

icecream-guy

Quote from: Dieselboy on August 28, 2017, 02:19:54 AM
May be the same reason they removed the snmp oid object to monitor the route table  :twitch:

I checked this out on the 9.7(1)8 code I'm running, and I can add service object groups in service policy rules. I'm also using service object groups in ACLs. I can also add service object groups within service object groups. 

I don't think I am thinking of the right config? Can you explain some more so I can check it out?


Just me and the typos. Never mind, this is from 9.8.1


5500X-EVAL1/admin(config-service-object-group)# object-group service yyy
5500X-EVAL1/admin(config-service-object-group)# ?

  description     Specify description text
  group-object    Configure an object group as an object
  help            Help for service object-group configuration commands
  no              Remove an object or description from object-group
  service-object  Configure a service object



vs


5500X-EVAL1/admin(config-service-object-group)# object-group service xxx tcp
5500X-EVAL1/admin(config-service-object-group)# port-object eq www
5500X-EVAL1/admin(config-service-object-group)# ?

  description   Specify description text
  group-object  Configure an object group as an object
  help          Help for service object-group configuration commands
  no            Remove an object or description from object-group
  port-object   Configure a port object



:professorcat:

My Moral Fibers have been cut.

Otanx

Slightly off topic question, but what use case would you use "object-group service xxx tcp" and being limited to only specifying tcp port numbers vs "object-group service xxx" and being able to add UDP and TCP ports? I have not found any features that don't work with the second style, and it is more flexible.

-Otanx

DanC

Quote from: Otanx on August 29, 2017, 01:37:22 PM
Slightly off topic question, but what use case would you use "object-group service xxx tcp" and being limited to only specifying tcp port numbers vs "object-group service xxx" and being able to add UDP and TCP ports? I have not found any features that don't work with the second style, and it is more flexible.

-Otanx

I've often wondered the same thing. My guess is that there isn't one and it's a legacy command from earlier code that's retained for compatibility... it's only a guess though ;)

icecream-guy

Quote from: Otanx on August 29, 2017, 01:37:22 PM
Slightly off topic question, but what use case would you use "object-group service xxx tcp" and being limited to only specifying tcp port numbers vs "object-group service xxx" and being able to add UDP and TCP ports? I have not found any features that don't work with the second style, and it is more flexible.

-Otanx

Just to make it more confusing, you can specify tcp & udp like so:


asa/admin(config)# object-group service zzz tcp-udp
asa/admin(config-service-object-group)# ?

  description   Specify description text
  group-object  Configure an object group as an object
  help          Help for service object-group configuration commands
  no            Remove an object or description from object-group
  port-object   Configure a port object
asa/admin(config-service-object-group)#
asa/admin(config-service-object-group)# port-object eq 53


:professorcat:

My Moral Fibers have been cut.
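
The two group styles shown in the thread accept different sub-commands: a group created without a protocol keyword offers service-object, while one created with tcp, udp or tcp-udp offers port-object. The following is an added example, not code from any poster, that audits saved running-config text for which style each service object-group uses and flags entries that do not belong to that style. It assumes sub-commands are indented by one space as in show running-config output; the sample config, including the service-object line, is constructed for illustration.

```python
import re

# Header forms seen in the thread: "object-group service NAME [tcp|udp|tcp-udp]"
HEADER = re.compile(r"^object-group service (\S+)(?: (tcp|udp|tcp-udp))?\s*$")

# Sub-command each style offers in the "?" help output quoted in the thread.
EXPECTED = {"generic": "service-object", "protocol-typed": "port-object"}

# Constructed sample input (not taken from a real device).
SAMPLE_CONFIG = """\
object-group service yyy
 service-object tcp destination eq www
object-group service xxx tcp
 port-object eq www
object-group service zzz tcp-udp
 port-object eq 53
object-group service bad
 port-object eq 22
interface GigabitEthernet0/0
 nameif outside
"""

def classify_service_groups(config_text):
    """Map each service object-group name to its style, protocol and entries."""
    groups, current = {}, None
    for raw in config_text.splitlines():
        header = HEADER.match(raw)
        if header:
            name, proto = header.groups()
            style = "protocol-typed" if proto else "generic"
            current = groups[name] = {"style": style, "protocol": proto,
                                      "entries": [], "mismatched": []}
            continue
        if not raw.startswith(" "):   # any other top-level line ends the group
            current = None
            continue
        if current is None:           # indented line outside a service group
            continue
        line = raw.strip()
        keyword = line.split(" ", 1)[0]
        if keyword in EXPECTED.values():
            current["entries"].append(line)
            if keyword != EXPECTED[current["style"]]:
                current["mismatched"].append(line)
    return groups

if __name__ == "__main__":
    for name, info in classify_service_groups(SAMPLE_CONFIG).items():
        print(name, info["style"], info["protocol"], info["mismatched"])
```
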