04-25-2012 01:47 AM
Assume one uses a design guideline such as:
ALLOW GLOBAL (dstzone=any)
DENY (dstzone=x) specific log on session end
ALLOW (dstzone=x) specific
DENY (dstzone=x) any log on session start
...
DENY GLOBAL (dstzone=any) any log on session start
Will there be any difference if one uses a single dstzone=any rule (let's say to allow ping into each zone) compared to using one rule per dstzone to allow ping?
I mean, will the compiler/optimizer that programs the FPGA/ASIC in your PA device end up with the same code to load anyway?
Of course this is a non-issue if you just have a single rule, but let's assume you have 100 zones and need to use 100 "global" rules. For the administrator this would mean setting up 100 rules (going global style) vs 10000 rules (100 rules per dstzone).