When importing from Cisco ASA, security rules that specifically allow all TCP ports (but not UDP ports) - i.e. "access-list NET1 extended permit tcp host 10.10.10.1 any" - will be imported as rules that allow all TCP and UDP ports.
The same applies to ASA rules that only permit all UDP ports (but not TCP ports). The rule will be imported into the tool as a rule that allows all UDP and all TCP ports.
I can confirm that this occurs with ASA code 8.2. I don't know for sure about 8.3+.
A suggested fix would be:
- Auto-create a Service object that contains the entire tcp/udp port range.
- Use that Service object in the imported rule
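As an added example (not part of the original post and not the migration tool's code), this Python check lists the ASA ACL entries that match the pattern reported above, so the corresponding imported rules can be reviewed for a widened TCP/UDP service. The function name and sample configuration are constructed here, and "all ports" is assumed to mean that neither the source nor the destination carries a port operator or a service object-group.

```python
PORT_OPS = {"eq", "gt", "lt", "neq", "range"}

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
object-group service WEB tcp
 port-object eq 80
access-list NET1 extended permit tcp host 10.10.10.1 any
access-list NET1 extended permit udp 10.20.0.0 255.255.0.0 any
access-list NET1 extended permit tcp any host 10.10.10.5 eq 443
access-list NET1 extended permit tcp any any object-group WEB
access-list NET1 extended deny tcp any any
access-list NET1 extended permit ip any any
access-list NET1 extended permit tcp any range 1024 65535 any
"""

def find_single_protocol_any_port_rules(config_text):
    """Return (line_no, protocol, line) for permit entries that allow every
    port of exactly one of tcp/udp (hypothetical helper for this example)."""
    lines = config_text.splitlines()
    # A service object-group can stand in for a port spec, so learn their names first.
    svc_groups = {l.split()[2] for l in lines
                  if l.split()[:2] == ["object-group", "service"] and len(l.split()) > 2}

    def skip_address(tok, i):
        if i < len(tok) and tok[i] in ("any", "any4", "any6"):
            return i + 1
        return i + 2  # "host IP", "object NAME", "object-group NAME", "IP MASK"

    def has_port(tok, i):
        if i >= len(tok):
            return False
        return tok[i] in PORT_OPS or (
            tok[i] == "object-group" and i + 1 < len(tok) and tok[i + 1] in svc_groups)

    hits = []
    for n, line in enumerate(lines, 1):
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[2] != "extended":
            continue
        if tok[3] != "permit" or tok[4] not in ("tcp", "udp"):
            continue  # deny entries and "ip" entries are outside the reported pattern
        i = skip_address(tok, 5)      # step over the source address
        if has_port(tok, i):          # a source-port restriction means not "all ports"
            continue
        i = skip_address(tok, i)      # step over the destination address
        if not has_port(tok, i):
            hits.append((n, tok[4], line.strip()))
    return hits

if __name__ == "__main__":
    for n, proto, text in find_single_protocol_any_port_rules(SAMPLE_CONFIG):
        print(f"line {n}: all-{proto} permit, verify the imported service: {text}")
```

Each reported entry is one to compare against the imported rule base, where the service should cover only the protocol named in the ACL.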
Feature request: It would be nice to be able to filter security rules by Allow vs Deny. Doesn't seem to be possible currently.
Feature request: On the NAT policy screen, please add the ability to filter on fields in the Translated Packet, such as "[TP] Destination"
Re: the previous bug fix when an apostrophe in a Tag description caused an issue:
I found the same to be true of the apostrophe when editing the Description field of an Address Group. The changes won't be saved if the description contains one.
I face an issue in filtering when I apply
(Service neq X and Service neq Y and Service neq Z)
The result on the MT is much less than the result on the box. Has anyone faced this issue?
"I have MT connected to the PA device"