On Fri, 2010-11-05 at 21:50 -0500, Tony Varriale wrote:
<somebody> said:
They could make it out of the box but this is why Dylan made his statement.
His statement is far-fetched at best. Unless of course he's speaking of 100 million line ACLs.
Can I just ask, out of technical curiosity:

Q: What is considered a "large" number of ACL lines for these recent ASA boxes? I realise "it depends", so I'm looking for a loose ball-park response (or preferably a rule-of-thumb equation?).

Background to the question: I have several special-purpose BSD boxes that have several hundred lines of PF filtering rules (the equivalent of a Cisco ACL line). One has nearly 2300. These are consolidated with macros (PF anchors/tables) and dynamic rulesets, so are already highly optimised. The rules are in addition to the shaping and anti-spoofing; these are in a critical location in the (very sensitive) very complex network.

I'm just wondering if this is "a lot" in the world of recent ASAs, having had no relevant experience with them (at this level).

Gord
--
soul for sale - apply within