Whilst the ASA series is an excellent option, many companies will save by implementing Cisco IOS-based devices, both because of the lower cost and because of the enhanced features available throughout.
More recently, 12.4.20T onwards marks the integration of object-based firewalls. These simplify access lists by allowing them to reference groupings of IPs/networks and services.
We recently deployed this for a particularly complex set-up and were very pleased with the significant time savings, as were the internal IT team at the client.
Here's an example of how it works:
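! Group the SMTP servers under one name
object-group network MYSERVERS
 description bank of smtp servers
 host 192.168.1.2
 host 192.168.1.5
!
! Allow SMTP only to the grouped servers; deny and log SMTP to anything else
ip access-list extended OUTSIDE
 permit tcp any object-group MYSERVERS eq smtp
 deny tcp any any eq smtp log
 permit ip any any
!
! Apply the ACL inbound on the interface
interface fastethernet0/0
 ip access-group OUTSIDE in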
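
To see what the object group saves, and to review what a grouped rule actually permits, the following added example (not part of the original post) expands each object-group reference in an ACL into the flat entries you would otherwise write by hand. The function names parse, expand and flatten_acl are hypothetical, the sample is the configuration above, and it assumes network object groups containing host members only.

```python
import itertools
import re

# Constructed sample: the configuration from the post, indented as IOS displays it.
SAMPLE_CONFIG = """\
object-group network MYSERVERS
 description bank of smtp servers
 host 192.168.1.2
 host 192.168.1.5
!
ip access-list extended OUTSIDE
 permit tcp any object-group MYSERVERS eq smtp
 deny tcp any any eq smtp log
 permit ip any any
"""

def parse(config):
    """Return (groups, acls): network object-group members and ACL entries, by name."""
    groups, acls, current = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            current = None
        elif m := re.match(r"object-group network (\S+)$", line):
            current = groups.setdefault(m.group(1), [])
        elif m := re.match(r"ip access-list extended (\S+)$", line):
            current = acls.setdefault(m.group(1), [])
        elif raw[:1].isspace() and current is not None:
            if not line.startswith(("description", "remark")):
                current.append(line)
        else:
            current = None  # some other top-level command ends the block
    return groups, acls

def expand(entry, groups):
    """Expand each 'object-group NAME' (host members only) into one flat entry per member."""
    parts = re.split(r"object-group (\S+)", entry)  # [text, NAME, text, ...]
    flat = []
    # An undefined group raises KeyError here, which is worth flagging in a review.
    for combo in itertools.product(*(groups[n] for n in parts[1::2])):
        pieces = list(parts)
        pieces[1::2] = combo  # substitute one member per reference
        flat.append("".join(pieces))
    return flat

def flatten_acl(config, acl_name):
    """Return the flat entries equivalent to the named ACL, in rule order."""
    groups, acls = parse(config)
    return [flat for entry in acls[acl_name] for flat in expand(entry, groups)]
```

Each extra host added to MYSERVERS adds one line to the flattened result, while the ACL itself stays at three entries.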
