I'm going through this process.
I started when I first started at my job. I found that
access-list entries with 0 hit counts can be "backup"
devices that won't be used until a failure occurs.
Other than that, I get a good copy of the access-list and
start deleting unneeded lines. I then try and reposition the
most hit lines at the top of the access-list. I have found
this makes the most improvement.
One more thing, it is nice to have a clean access-list but
the PIX devices are capable of tens to hundreds of thousands
of lines with no real problems.
You may also want to think about creating object groups
and/or turbo ACLs if you are experiencing slowdowns.
>
> From: "brianahardy" <brianahardy yahoo.com>
> Date: 2005/12/27 Tue PM 02:40:29 EST
> To: PIX_Firewall@yahoogroups.com
> Subject: [PIX_Firewall] ACL Clean-up
>
>
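
The clean-up steps described in the reply above, as an added example that is not part of the original message: it flags zero-hit entries for review and moves high-hit entries up only within runs of consecutive entries that share the same action, so first-match results stay the same. The `show access-list` line format, the sample entries and the function names are assumptions constructed for illustration.

```python
import re
from itertools import groupby

# Constructed sample of "show access-list" output (documentation address ranges).
SAMPLE = """\
access-list outside_in; 5 elements
access-list outside_in line 1 permit tcp any host 192.0.2.10 eq smtp (hitcnt=120)
access-list outside_in line 2 deny ip host 198.51.100.7 any (hitcnt=3)
access-list outside_in line 3 permit tcp any host 192.0.2.20 eq www (hitcnt=98211)
access-list outside_in line 4 permit tcp any host 192.0.2.21 eq www (hitcnt=0)
access-list outside_in line 5 permit udp any host 192.0.2.30 eq domain (hitcnt=4410)
"""

# Assumed entry format: access-list <name> line <n> <action> <rule> (hitcnt=<n>)
ENTRY = re.compile(
    r"^access-list (?P<acl>\S+) line (?P<line>\d+) (?P<action>permit|deny) "
    r"(?P<rule>.+?) \(hitcnt=(?P<hits>\d+)\)")

def parse(text):
    """Return one dict per ACL entry; header and unparsable lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            e = m.groupdict()
            e["line"], e["hits"] = int(e["line"]), int(e["hits"])
            entries.append(e)
    return entries

def zero_hit(entries):
    """Entries to review by hand: zero hits may mean unused or a standby path."""
    return [e for e in entries if e["hits"] == 0]

def reorder_safely(entries):
    """Sort by hit count, but only inside runs of same-ACL, same-action entries.

    Swapping two adjacent permits (or two denies) cannot change which action
    a packet receives; crossing a permit/deny boundary can, so runs stay put.
    """
    out = []
    for _, run in groupby(entries, key=lambda e: (e["acl"], e["action"])):
        out.extend(sorted(run, key=lambda e: -e["hits"]))
    return out

if __name__ == "__main__":
    entries = parse(SAMPLE)
    for e in zero_hit(entries):
        print("review (0 hits):", e["line"], e["action"], e["rule"])
    for e in reorder_safely(entries):
        print(e["line"], e["hits"], e["action"], e["rule"])
```

In the sample, line 3 has the most hits but stays below the deny at line 2, because moving a permit above a deny is only safe when the two rules cannot match the same traffic.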