Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 27 subscribers
  • Views 944 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

replace ACL rules when moving from ASA to XG

RA2500

hello

I'm new to XG firewall so bear with me please

I have XG firewall running on SFOS 18 and trying to replace Cisco ASA

we have a large amount of Access lists that permits specific host to access other host using specific ports 

from what I read the only mention of ACL is under: Administration -> Device access where I can add ACL Exception Rules 

I'm not sure how to implement these Access Lists in XG 

i tried to make them firewall rules but for example

access-list acl-test extended permit tcp host X.X.X.X range 2014 65535 host Y.Y.Y.Y eq 13721

I need to specify ports on X.X.X.X and Y.Y.Y.Y

how can I accomplish this?

Thanks 



This thread was automatically locked due to age.
Parents
  • 0

    Hi

     

    You should use firewall rules (is the same as the ACL list in Cisco). 

     

    Create a firewall rule, using the zone (where the source are) Network should be the source IP-address, Dest zone where the destination is, Network where is the destionation IP and Port is the port you would like to access

  • 0 in reply to RickardNordahl

    Hi 

    Thanks for answering ...I tried that but as i mentioned before in the example

    access-list acl-test extended permit tcp host X.X.X.X range 2014 65535 host Y.Y.Y.Y eq 13721

    I need to specify ports on both IPs X.X.X.X (2014 to 65535) and Y.Y.Y.Y (13721)

    The service section in the firewall rule means the services I want to access in the destination, unless I'm mistaken.

    so is there any way to do that?

Reply
  • 0 in reply to RickardNordahl

    Hi 

    Thanks for answering ...I tried that but as i mentioned before in the example

    access-list acl-test extended permit tcp host X.X.X.X range 2014 65535 host Y.Y.Y.Y eq 13721

    I need to specify ports on both IPs X.X.X.X (2014 to 65535) and Y.Y.Y.Y (13721)

    The service section in the firewall rule means the services I want to access in the destination, unless I'm mistaken.

    so is there any way to do that?

Children