Educause Security Discussion mailing list archives
Re: Network Access Control Changes - Firewall and ACL policy changes
From: Mike Iglesias <iglesias () UCI EDU>
Date: Mon, 4 Jun 2007 13:16:43 -0700
Luke Sheppard wrote:
> I have found that the Cisco FWSM needs a manual shutdown/no-shut of the interface if making acl changes via the command-line IOS. But if you use the web browser GUI you can add interstitial acl changes on-the-fly with no down time. This is very convenient for quick one-off changes, but irritating if you are used to scripting everything.

What version of the FWSM software are you using? We're using 2.3, and have not seen problems like this.

One of our ACLs is about 2300 lines long. We don't see any traffic passing issues, but the load on the FWSM jumps up to over 95% for a second or two as it compiles the ACL.

--
Mike Iglesias                          Email: iglesias () uci edu
University of California, Irvine       phone: 949-824-6926
Network & Academic Computing Services  FAX:   949-824-2069