Cisco ASA 5505 Configuration Manual page 644
Asa 5500 series
Hide thumbs
Also See for ASA 5505:
- Getting started manual (168 pages) ,
- Administrator's manual (118 pages) ,
- Hardware installation manual (82 pages)
Table of Contents
Advertisement
Configuring Access Rules
Prerequisites
These settings only apply if you enable the newer logging mechanism for the access rule.
Fields
•
•
•
•
Access Rule Explosion
The security appliance allows you to turn off the expansion of access rules that contain certain object
groups. When expansion is turned off, an object group search is used for lookup, which lowers the
memory requirements for storing expanded rules but decreases the lookup performance. Because of the
trade-off of performance for memory utilization, you can turn on and turn off the search.
To configure the option of turning off the expansion of access rules that contain s, perform the following
steps:
Step 1
Choose Configuration > Firewall > Access Rules.
Step 2
Click the Advanced button.
Step 3
Check the Enable Object Group Search Algorithm check box.
For more information about access rules, see the
page
Cisco ASA 5500 Series Configuration Guide using ASDM
30-12
Maximum Deny-flows—The maximum number of deny flows permitted before the adaptive security
appliance stops logging, between 1 and the default value. The default is 4096.
Alert Interval—The amount of time (1-3600 seconds) between system log messages (number
106101) that identify that the maximum number of deny flows was reached. The default is 300
seconds.
Per User Override table—Specifies the state of the per user override feature. If the per user override
feature is enabled on the inbound access rule, the access rule provided by a RADIUS server replaces
the access rule configured on that interface. If the per user override feature is disabled, the access
rule provided by the RADIUS server is combined with the access rule configured on that interface.
If the inbound access rule is not configured for the interface, per user override cannot be configured.
Object Group Search Setting—Reduces the amount of memory used to store service rules, but
lengthens the amount of time to search for a matching access rule.
30-1.
Chapter 30
"Information About Access Rules" section on
Configuring Access Rules
OL-20339-01
- Quick Links:
- Starting Asdm
- Downloading the Asdm Launcher
Hide quick links:
Advertisement
Chapters
Table of Contents
