We're working on an audit of our security policies to start getting rid of some generalized rules and start making things more specific. I figured we could do some organization at the same time.

Coming from an ASA background, my original security policy setup on our PA boxes was to organize and group based on source zone, organized then by zones of higher to lower security concern. This has made it easy to see how related rules work together without needing to try to use search filters. On the other hand, it isn't the most efficient due to:

- Higher utilized firewall rules may not be towards the top.
- Where one rule could be used if access to a host, network, or zone used the same application/services for all sources, in this design a separate rule would be created with the same destination and app/service info for each source zone.

I'm curious how others are organizing their security policies and what best practices might be here.
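As an added example (not part of the original post), a small Python model of the two inefficiencies the post describes: it finds rules that are identical except for source zone and could be collapsed into one, and rules that see more traffic than rules sitting above them. Rule names, zones and hit counts are constructed; matching is simplified to exact field equality with an "any" wildcard, and a rule is only proposed for merging or moving up where no rule it would jump over could match its traffic with a different action (first-match semantics).

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str      # one source zone per rule: the per-zone layout from the post
    dst_zone: str
    destination: str
    app: str
    service: str
    action: str
    hits: int          # hit counter as reported by the firewall (constructed here)

# Constructed sample rulebase, grouped by source zone, top to bottom.
RULEBASE = [
    Rule("users-to-web", "users", "dmz", "web-servers", "web-browsing", "service-http", "allow", 98000),
    Rule("users-to-db",  "users", "db",  "db-servers",  "mssql-db", "application-default", "allow", 300),
    Rule("users-deny",   "users", "any", "any", "any", "any", "deny", 5),
    Rule("guest-to-web", "guest", "dmz", "web-servers", "web-browsing", "service-http", "allow", 45000),
    Rule("guest-deny",   "guest", "any", "any", "any", "any", "deny", 9000),
    Rule("dmz-to-db",    "dmz",   "db",  "db-servers",  "mssql-db", "application-default", "allow", 1200),
]

def _match(a, b):
    return a == b or "any" in (a, b)

def may_overlap(r, s):
    """True if some flow could match both rules (exact fields, 'any' wildcard)."""
    return all(_match(getattr(r, f), getattr(s, f))
               for f in ("src_zone", "dst_zone", "destination", "app", "service"))

def merge_candidates(rules):
    """Groups of rules that differ only by source zone and could be a single rule.
    A later rule joins its group only if nothing between it and the group's first
    rule could match its traffic with a different action, so the merge is behaviour-preserving."""
    groups = defaultdict(list)
    for i, r in enumerate(rules):
        groups[(r.dst_zone, r.destination, r.app, r.service, r.action)].append(i)
    result = []
    for idxs in groups.values():
        first = idxs[0]
        safe = [rules[j].name for j in idxs
                if not any(may_overlap(rules[j], k) and k.action != rules[j].action
                           for k in rules[first:j])]
        if len(safe) > 1:
            result.append(safe)
    return result

def busier_than_above(rules):
    """(rule, less-used rules above it that it does not overlap) -> safe to move above them."""
    return [(r.name, [s.name for s in rules[:i] if s.hits < r.hits and not may_overlap(s, r)])
            for i, r in enumerate(rules)
            if any(s.hits < r.hits and not may_overlap(s, r) for s in rules[:i])]
```

The two deny rules are not proposed for merging because guest-to-web sits between them and would be jumped over by guest traffic.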