Monday, June 1, 2020

Trying to understand what kind of wildcard mask is that

So I'm working on migration of ACL from a Cisco ASR router to an NGFW and bumped into this piece of code that I can't make sense of:

deny icmp any 0.0.0.15 255.255.255.0 echo

deny icmp any 0.0.0.31 255.255.255.0 echo

deny icmp any 0.0.0.47 255.255.255.0 echo

deny icmp any 0.0.0.63 255.255.255.0 echo

deny icmp any 0.0.0.79 255.255.255.0 echo

deny icmp any 0.0.0.95 255.255.255.0 echo

deny icmp any 0.0.0.111 255.255.255.0 echo

deny icmp any 0.0.0.127 255.255.255.0 echo

deny icmp any 0.0.0.143 255.255.255.0 echo

deny icmp any 0.0.0.159 255.255.255.0 echo

deny icmp any 0.0.0.175 255.255.255.0 echo

deny icmp any 0.0.0.191 255.255.255.0 echo

deny icmp any 0.0.0.207 255.255.255.0 echo

deny icmp any 0.0.0.223 255.255.255.0 echo

deny icmp any 0.0.0.239 255.255.255.0 echo

I get that all those subnets are considered bogon, and someone who created those ACLs way before my time knew what he was doing, but wildcard masks make no sense to me. Can someone suggest what those networks should look like using CIDR or regular netmask form so I can create objects on the recipient firewall? Thanks in advance!
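An added example, not part of the original post: a small Python helper that reads the destination of entries shaped like the ones above, tests addresses against them, and reports the netmask form and how many CIDR prefixes an entry would need. It assumes IOS wildcard semantics (a 1 bit means "ignore this bit"), under which each entry above pins only the last octet and leaves the first three free, so no single CIDR prefix expresses it. The function names, the `192.0.2.0` line and the sample addresses are constructed for illustration.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_dest(ace):
    """Destination (address, wildcard) of '<action> <proto> any <addr> <wildcard> ...'."""
    tok = ace.split()
    if len(tok) < 5 or tok[2] != "any":
        raise ValueError("unsupported ACE shape: " + ace)
    return to_int(tok[3]), to_int(tok[4])

def matches(ip, addr, wildcard):
    """Wildcard bit 1 = ignore this bit, 0 = must equal the ACE address bit."""
    care = ~wildcard & 0xFFFFFFFF
    return (to_int(ip) & care) == (addr & care)

def describe(addr, wildcard):
    """Netmask form of the entry, and how many CIDR prefixes it would take."""
    care = ~wildcard & 0xFFFFFFFF
    host_bits = 0                      # run of ignored bits at the low end
    while host_bits < 32 and (wildcard >> host_bits) & 1:
        host_bits += 1
    free_bits = bin(wildcard).count("1")
    contiguous = free_bits == host_bits
    base = ipaddress.IPv4Address(addr & care)
    return {
        "netmask": str(ipaddress.IPv4Address(care)),
        "contiguous": contiguous,
        "prefix_len": 32 - host_bits,
        # every ignored bit above the low run doubles the prefixes needed
        "cidr_count": 1 << (free_bits - host_bits),
        "cidr": f"{base}/{32 - host_bits}" if contiguous else None,
    }

if __name__ == "__main__":
    acl = [
        "deny icmp any 0.0.0.15 255.255.255.0 echo",   # from the post
        "deny icmp any 0.0.0.239 255.255.255.0 echo",  # from the post
        "deny icmp any 192.0.2.0 0.0.0.255 echo",      # constructed contrast
    ]
    for ace in acl:
        addr, wc = parse_dest(ace)
        print(ace, "->", describe(addr, wc))
    addr, wc = parse_dest(acl[0])
    for ip in ("10.1.2.15", "172.16.9.15", "10.1.2.16"):  # constructed samples
        print(ip, matches(ip, addr, wc))
```

For the entries in the post the result is a non-contiguous mask of `0.0.0.255`, which is why a firewall that only accepts prefix-based objects cannot represent one entry without enumerating every matching host address.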


