Open mazhead opened 8 years ago
Hello, I ran into a problem with FW rules on Cisco ASA. Rules with object-group in destination are not parsed.
Example:
access-list ANON-NAME_access_in extended permit object-group TCPUDP object-group ANON_NETWORK_RANGE1 object-group ANON_NETWORK_RANGE2 object-group TCP-UDP-proxy

Inside the objects:
object-group network ANON_NETWORK_RANGE1
 network-object 10.XX.XX.0 255.255.255.0
 network-object object 10.XX.XX.0
 network-object object 10.XX.XX.0

object-group network ANON_NETWORK_RANGE2
 network-object host 10.XX.XX.0
 network-object host 10.XX.XX.0
 network-object host 10.XX.XX.0
 network-object host 10.XX.XX.0
 network-object object ANOTHER_OBJECT_GROUP1
 network-object object ANOTHER_OBJECT_GROUP2
 network-object object 10.XX.XX.0

object-group service TCP-UDP-proxy tcp-udp
 port-object eq 3128
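The rule shape from this report, as an added Python example that is not code from the issue or from the project: it expands an extended ACE whose protocol, source, destination and port fields are all object-groups, and decides by group kind whether a group after the source is a source-port group or the destination. The addresses, the names `RANGE1`, `RANGE2`, `SRV1` and `demo_in`, and the definition of the `TCPUDP` protocol group are constructed assumptions.

```python
from itertools import product

# Constructed sample: addresses and names are made up, and the TCPUDP protocol
# group is an assumed definition (the report uses it but does not show it).
CONFIG = """\
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group network RANGE1
 network-object 10.1.1.0 255.255.255.0
object-group network RANGE2
 network-object host 10.2.2.10
 network-object object SRV1
object-group service TCP-UDP-proxy tcp-udp
 port-object eq 3128
access-list demo_in extended permit object-group TCPUDP object-group RANGE1 object-group RANGE2 object-group TCP-UDP-proxy
"""

def parse_groups(text):
    """Return {group name: (kind, [member tokens])} for every object-group."""
    groups, current = {}, None
    for line in filter(str.strip, text.splitlines()):
        tok = line.split()
        if tok[:1] == ["object-group"]:
            current = groups.setdefault(tok[2], (tok[1], []))[1]
        elif not line.startswith(" "):
            current = None               # any other top-level command ends the group
        elif current is not None and tok[0] in ("network-object", "port-object", "protocol-object"):
            current.append(tok[1:])      # keep the member without its keyword
    return groups

def operand(tok, groups, kind):
    """Consume one ACE field; a group is taken only if its kind fits the field."""
    if tok[:1] == ["object-group"] and groups[tok[1]][0] == kind:
        return groups[tok[1]][1], tok[2:]
    if kind == "service":                # port fields are optional in an ACE
        n = {"eq": 2, "range": 3}.get(tok[0] if tok else "", 0)
        return ([tok[:n]] if n else [["any"]]), tok[n:]
    n = 1 if kind == "protocol" or tok[0].startswith("any") else 2
    return [tok[:n]], tok[n:]            # literal: "tcp", "any", "host IP", "IP MASK"

def expand_ace(line, groups):
    """Flatten one ACE into (action, proto, src, src port, dst, dst port) rules."""
    action, tok, f = line.split()[3], line.split()[4:], []
    for kind in ("protocol", "network", "service", "network", "service"):
        values, tok = operand(tok, groups, kind)
        f.append([" ".join(v) for v in values])
    return [(action, *combo) for combo in product(*f)]

RULES = expand_ace(CONFIG.splitlines()[-1], parse_groups(CONFIG))
```

Named members such as `object SRV1` are left symbolic in the output; resolving them requires the `object network` definitions, which the sample does not include.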