Hi,
I've read that it's not best practice to have multiple service objects defined for the same port/protocol here. And it got me thinking.
What is the best practice in case we need to create rules with overlapping port ranges with the same protocol?
For example, let's assume that
- I need to allow access between Network A - Network B on ports 10000 - 20000 on protocol X.
- But at the same time, I need to block traffic between Network C - Network D on ports 15000 - 25000 on protocol X.
- Additionally, a new requirement comes and I need to create a new rule that allows access between Network E - Network F on ports 12000 - 27000, again on protocol X.
The first thing that comes to my mind is to create different service objects for these different ranges and use them where needed. But if I understand it correctly, it's not the best practice and probably will give me "Services port conflict" warning when installing the policy.
How do we do this in this kinds of situations?
Cheers!