Until that happens, it's just a list of hosts and/or networks.Ĭiscoasa(config)# access-list acl1 extended permit tcp any object-group clients eq <- Add this IP to the group.Ĭiscoasa(config-network)# network-object host y.y.y.y <. The object-group must be applied with an ACL. Network-object host z.z.z.z <- a single IP in it Object-group network clients <- the bucket Think of an object-group as being a bucket of IPs, and you apply the ACL to the bucket once.įrom a 'sh run' from one of my ASA 5505s: For today's lesson, here's a little something about object-groups on Cisco firewalls.Īn object-group on a firewall is a way of applying an ACL to a group of IP addresses or networks without having to type them all in each time.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |