Number of ACL lines in a firewall?

Started by dlots, December 22, 2015, 10:15:29 AM


dlots

So what is a standard number of ACL lines once you have extended out all your object-groups and such.

I was curious and looked at one of our FWs and we had 319,330 lines. How normal is that? (seems like a lot to me)

deanwebb

On a perimeter or data center big bad firewall with contexts and what-not, yes, they can get that big, especially if they got to the point where people couldn't check to see if the object/rule was already there, so they just added another rule. I had one firewall that had 5 complete rules that each governed the same traffic between endpoints.

Get you some firewall management software in action and clean up the rule sets.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.
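To show where a line count like the one dlots saw comes from, and how the "five rules governing the same traffic" situation deanwebb mentions can be spotted without buying management software, here is a small added example (not code from either poster). It expands object-group references into flat lines the way a firewall does when it reports its expanded ACL, counts them, and maps every expanded line back to the rules that produced it so duplicates stand out. The object-group names, addresses and rule syntax are all constructed for the example.

```python
"""Expand object-group based ACL rules into flat lines and flag duplicates.

Constructed example: the rule format, the object-group names and the
addresses below are illustrative assumptions, not any vendor's syntax.
"""

from collections import defaultdict
from itertools import product

# Constructed object-groups (names and members are made up).
OBJECT_GROUPS = {
    "net-branch": ["10.1.0.0/24", "10.2.0.0/24", "10.3.0.0/24"],
    "net-dc-web": ["192.0.2.10/32", "192.0.2.11/32"],
    "svc-web": ["tcp/80", "tcp/443"],
    "svc-ssh": ["tcp/22"],
}

# Constructed rule set. Rules 2 and 3 only cover traffic that rule 0
# already permits: the kind of accumulated duplication the thread describes.
RULES = [
    {"action": "permit", "src": "net-branch", "dst": "net-dc-web", "svc": "svc-web"},
    {"action": "permit", "src": "net-branch", "dst": "192.0.2.10/32", "svc": "svc-ssh"},
    {"action": "permit", "src": "10.1.0.0/24", "dst": "192.0.2.10/32", "svc": "tcp/443"},
    {"action": "permit", "src": "net-branch", "dst": "net-dc-web", "svc": "tcp/80"},
]


def resolve(token):
    """Return the members of an object-group, or the literal itself."""
    return OBJECT_GROUPS.get(token, [token])


def expand(rules):
    """Flatten every rule into (action, src, dst, svc) tuples.

    Returns a list of (rule_index, line) pairs. Its length is the expanded
    line count a firewall reports once every group has been unrolled; a
    rule referencing three groups expands to the product of their sizes.
    """
    lines = []
    for idx, rule in enumerate(rules):
        members = product(resolve(rule["src"]), resolve(rule["dst"]), resolve(rule["svc"]))
        for src, dst, svc in members:
            lines.append((idx, (rule["action"], src, dst, svc)))
    return lines


def expanded_line_count(rules):
    """Number of flat lines the rule set expands to."""
    return len(expand(rules))


def find_duplicates(rules):
    """Map each expanded line produced by more than one rule to the sorted
    list of rule indices that produce it, so redundant rules can be removed."""
    owners = defaultdict(set)
    for idx, line in expand(rules):
        owners[line].add(idx)
    return {line: sorted(ids) for line, ids in owners.items() if len(ids) > 1}


if __name__ == "__main__":
    print(f"{len(RULES)} rules expand to {expanded_line_count(RULES)} lines")
    for line, ids in find_duplicates(RULES).items():
        print("duplicate:", line, "from rules", ids)
```

With the constructed data, four rules expand to 22 lines and seven of those lines are produced twice (rule 0 already covers everything rules 2 and 3 add). On a real export the interesting output is the set of rule indices that appear only as duplicates; those are the candidates for removal, and checking them this way before every change is what stops the count from drifting toward six figures.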