If you are working on a firewall and find that you need to allow traffic that is destined for more than one interface, you would probably use multiple access list entries.  This is so that you can more easily make changes later on to one group of destinations, without affecting the others.

Well, I don’t know why I never thought of this before, but the use of nested object groups can give you the best of both worlds- a single line access list entry that can contain several groups of destinations yet can still be easily modified later on.

So I can have this one line access list entry;

That applies to this one group;

But it contains these other groups so it is still modular and can be easily modified;

Posted in Network
No Comments Yet Posted by