[c-nsp] FW: Tuning rules on a 6500 Cisco Firewall?(FWSM)

Ge Moua moua0100 at umn.edu
Tue Jul 11 18:15:10 EDT 2006


We use FWSM here at the UMN-TC and employ extensive object-groups.  This is
only a suggestion if you are starting from scratch.


:-)
Regards,
Ge Moua | Email: moua0100 at umn.edu

Network Design Engineer
University of Minnesota | Networking & Telecommunications Services
2218 University Ave SE | Minneapolis, MN 55414-3029
Office: 612.626.2779 | Pager: 612.###.#### | Fax: 612.626.1818
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Frank Bulk
Sent: Tuesday, July 11, 2006 5:06 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] FW: Tuning rules on a 6500 Cisco Firewall?(FWSM)

This was posted on the RESNET-L listserv... is there such a tool?
 
Frank


From: Resnet Forum [mailto:RESNET-L at listserv.nd.edu] On Behalf Of Pickett,
Eldred
Sent: Tuesday, July 11, 2006 11:40 AM
To: RESNET-L at listserv.nd.edu
Subject: Tuning rules on a 6500 Cisco Firewall?(FWSM)



We currently have over 7000 access-list rules generated by 198 statements.
What's a good way to figure out how to 'condense' these somehow?  Is there
a utility that can give you a list of redundancies?  I can imagine that
going through 7000+ rules manually line-by-line would be a pain.

Thanks for any help.

 

Eldred Pickett
Network Administrator
Housing Information Technology Department(HITO)
University of Michigan Housing
1325 Mary Markley Hall
1503 Washington Heights
Ann Arbor, MI 48109-2015
Phone:(734)-615-5035
Fax:(734)-615-8448

 


_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
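
An added example, not part of the thread and not a Cisco tool: one way to list the kind of redundancies asked about above, by flagging every expanded access-list entry that an earlier entry in the same ACL fully covers under first-match evaluation. It assumes already-expanded `access-list ... extended` lines limited to `any`, `host A`, `A MASK` and an optional destination `eq PORT`; the sample ACL is constructed.

```python
import ipaddress

# Constructed sample in FWSM/PIX-style syntax (netmasks, not wildcard masks).
SAMPLE_ACL = """\
access-list OUTSIDE extended permit tcp 10.1.0.0 255.255.0.0 any eq 80
access-list OUTSIDE extended permit tcp 10.1.5.0 255.255.255.0 any eq 80
access-list OUTSIDE extended permit tcp host 10.1.5.9 host 192.0.2.10 eq 443
access-list OUTSIDE extended deny ip 10.2.0.0 255.255.0.0 any
access-list OUTSIDE extended permit udp host 10.2.3.4 any eq 53
access-list OUTSIDE extended permit tcp 10.1.5.0 255.255.255.0 any eq 80
"""

def take_addr(tok):
    """Consume one address spec from the token list: any | host A | A MASK."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tok.pop(0)}")

def parse(line):
    tok = line.split()  # access-list NAME extended ACTION PROTO SRC DST [eq PORT]
    rest = tok[5:]
    src, dst = take_addr(rest), take_addr(rest)
    port = rest[1] if rest[:1] == ["eq"] else None  # None means any port
    return {"acl": tok[1], "action": tok[3], "proto": tok[4],
            "src": src, "dst": dst, "port": port}

def covers(a, b):
    """True if every packet matching entry b also matches entry a."""
    return (a["acl"] == b["acl"]
            and a["proto"] in ("ip", b["proto"])
            and b["src"].subnet_of(a["src"]) and b["dst"].subnet_of(a["dst"])
            and a["port"] in (None, b["port"]))

def find_unreachable(acl_text):
    """Return (line, covering_line, kind) for entries that can never match."""
    rules = [parse(l) for l in acl_text.splitlines() if l.startswith("access-list")]
    findings = []
    for j, later in enumerate(rules):
        for i, earlier in enumerate(rules[:j]):
            if covers(earlier, later):
                same = earlier["action"] == later["action"]
                findings.append((j + 1, i + 1, "redundant" if same else "shadowed"))
                break
    return findings

if __name__ == "__main__":
    for line, by, kind in find_unreachable(SAMPLE_ACL):
        print(f"entry {line} is {kind} by entry {by}")
```

A "redundant" entry can be deleted without changing behaviour; a "shadowed" entry has the opposite action of the entry that covers it, so it should be reviewed for intent before removal.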


