Just a "stupid" question:
Is there a reason NOT to use Shared object address list's with a VS?
In contrast using multiple VS configurations (when only destination address is the difference).
Like to hear you thoughts
Solved! Go to Solution.
When using shared objects some ACL mechanisms are applied in the background.
In the past I saw some issues there (especially in the context of route domains), which seem to be fixed in the current TMOS v126.96.36.199.
The mix of IPv4/IPv6 is exactly why I want to use it.
Butissues will also be there , no matter what solution you will implement.
My biggest "concern" is making 2 VS (1 IPv4 and 1 IPv6) is that you need to do every config change twice. Which is a potential problem, as somebody making changes to only one VS.
By the ACL in the config file you mean "security firewall address-list" As they must be/should be the same as the configured lists?