Educause Security Discussion mailing list archives
Re: Network Access Control Changes - Firewall and ACL policy changes
From: David LaPorte <david_laporte () HARVARD EDU>
Date: Mon, 4 Jun 2007 12:39:00 -0700
You should be able to get around this issue on the FWSM with the "access-list mode manual" and "access-list commit". This link has a bit more info (requires a CCO login): http://www.cisco.com/en/US/customer/docs/security/fwsm/fwsm22/configuration/guide/mngacl.html#wp1227762

Dave

Luke Sheppard wrote:
> I have found that the Cisco FWSM needs a manual shutdown/no-shut of the interface if making acl changes via the command-line IOS. But if you use the web browser GUI you can add interstitial acl changes on-the-fly with no down time. This is very convenient for quick one-off changes, but irritating if you are used to scripting everything. I have also heard, anecdotally, that the Junipers can have problems (brain dead) if the acls get too big. Sorry, I have no actual metrics for this.
>
> Luke
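A worked illustration of the manual-commit workflow Dave points to, added here as an example rather than anything quoted from the thread or from the Cisco guide; the ACL name, interface and addresses are placeholders, and the full keyword as I understand the FWSM 2.2 command reference is `manual-commit`.

```cisco
! Added example, not from the thread. OUTSIDE_IN and the addresses are placeholders.
! Leave the default auto-commit mode, in which every access-list line
! triggers its own recompile, and stage changes instead.
fwsm(config)# access-list mode manual-commit
!
! Enter the changes; in manual-commit mode none of them is active yet.
fwsm(config)# access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
fwsm(config)# access-list OUTSIDE_IN extended deny ip 198.51.100.0 255.255.255.0 any
!
! Compile and activate every staged change in one step, with no
! shutdown / no shutdown of the interface as in Luke's CLI workflow.
fwsm(config)# access-list commit
!
! Verify that the running config and the active, compiled ACL agree.
fwsm# show running-config access-list OUTSIDE_IN
fwsm# show access-list OUTSIDE_IN
```

The trade-off to watch in manual-commit mode is that a change entered but never committed shows up in the running config while not being enforced, which is why the verification step belongs in any script that drives these changes.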