see an example using object-group service

Posted on 2005-04-07
Medium Priority
Last Modified: 2010-04-08

I would like to see an example using the object-group service command with the following:

object service name: management

for services: ssh, dns, ntp, ldap, syslog, snmp, smtp

ACL: then apply it from the lower-security interface (dmz1, security 30) to the higher-security one (inside, security 100).
Question by: cogit

Expert Comment

ID: 13731449

object-group service HEAT tcp
  port-object eq www
  port-object eq https
  port-object eq 491
object-group network HEAT_SRVRS
  network-object APROHEAT01
  network-object APROHEAT02
access-list inbound permit tcp any object-group HEAT_SRVRS object-group HEAT
access-group inbound in interface outside

Expert Comment

ID: 13731489
Here's one in the reverse direction:

object-group service User_Outbound tcp
  port-object eq telnet
  port-object eq www
  port-object eq ssh
  port-object eq ftp-data
  port-object eq https
  port-object eq ftp
access-list outbound permit tcp any any object-group User_Outbound
access-list outbound permit udp host <dns server> any eq domain
access-group outbound in interface inside

Author Comment

ID: 13731866
Would this work?

object-group protocol typeofprotocol
  protocol-object tcp
  protocol-object udp
  exit
object-group service management tcp-udp
  port-object eq 22
  port-object eq 53
  port-object eq 123
  port-object eq 389
  port-object eq 514
  port-object eq 161
  port-object eq 25
  exit

access-list vlan32_out permit object-group typeofprotocol object-group management
access-list vlan33_out permit object-group typeofprotocol object-group management
access-list vlan34_out permit object-group typeofprotocol object-group management
access-list v44_out permit object-group typeofprotocol object-group management
access-list v54_out permit object-group typeofprotocol object-group management
access-list v64_out permit object-group typeofprotocol object-group management
access-group vlan32_out in interface vlan32
access-group vlan33_out in interface vlan33
access-group vlan34_out in interface vlan34
access-group v44_out in interface v44
access-group v54_out in interface v54
access-group v64_out in interface v64


Accepted Solution

lrmoore earned 2000 total points
ID: 13739492
I don't know why that would not work.
You can also group your networks. This is just an example:

name DOT32
name DOT33
name DOT34
name DOT54
name DOT64

object-group network LOWSECURITY
  network-object DOT32
  network-object DOT33
  network-object DOT34

object-group network HIGHSECURITY
  network-object DOT54
  network-object DOT64

access-list dmz_in permit object-group typeofprotocol object-group LOWSECURITY object-group HIGHSECURITY object-group management
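As an added example (not from this thread or from Cisco), the Python below expands a PIX 6.x access-list entry that references object-groups into the individual rules the firewall will evaluate, which is how to audit what a grouped ACL really permits before applying it. The sample config is constructed from the accepted answer with placeholder addresses for the `name` entries, and the width of each expanded tuple shows whether an entry carries a protocol, source, destination and port, or only some of them.

```python
from itertools import product

# Constructed sample from the accepted answer; the `name` IPs are placeholders.
SAMPLE = """\
name 10.0.32.0 DOT32
name 10.0.54.0 DOT54
object-group protocol typeofprotocol
  protocol-object tcp
  protocol-object udp
object-group service management tcp-udp
  port-object eq 22
  port-object eq 514
object-group network LOWSECURITY
  network-object DOT32
object-group network HIGHSECURITY
  network-object DOT54
access-list dmz_in permit object-group typeofprotocol object-group LOWSECURITY object-group HIGHSECURITY object-group management
"""

def parse(config):
    """Return ({group id: [members]}, [access-list entries as token lists])."""
    groups, names, acls, current = {}, {}, [], None
    for parts in (line.split() for line in config.splitlines() if line.strip()):
        if parts[0] == "name":                 # name <ip> <alias>
            names[parts[2]] = parts[1]
        elif parts[0] == "object-group":       # object-group <type> <id> [proto]
            current = groups.setdefault(parts[2], [])
        elif parts[0].endswith("-object"):     # protocol-/network-/port-object
            current.append(names.get(parts[-1], parts[-1]))  # resolve aliases
        elif parts[0] == "access-list":
            acls.append(parts)
    return groups, acls

def expand(groups, acl):
    """Swap each object-group reference for its member list, then take the
    cartesian product: the individual rules the firewall will evaluate."""
    tokens = acl[3:]                           # skip 'access-list <id> permit'
    fields = [groups[tok] if prev == "object-group" else [tok]
              for prev, tok in zip(["", *tokens], tokens) if tok != "object-group"]
    return list(product(*fields))

def effective_rules(config):
    """Map each access-list id to its expanded tuples. In the all-object-group
    form used in this thread a well-formed entry has width 4: (protocol,
    source, destination, port); a narrower tuple means the entry is incomplete."""
    groups, acls = parse(config)
    rules = {}
    for acl in acls:
        rules.setdefault(acl[1], []).extend(expand(groups, acl))
    return rules
```

Appending the author's `permit object-group typeofprotocol object-group management` form to the sample expands it to two-field tuples, so the check exposes that those entries name no source or destination.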
