psla/psla-mdf-a8360-sw1.cfg Mon Mar 16 08:32:17 PM EDT 2026

configs/psla/psla-mdf-a8360-sw1.cfg

@@ -38,6 +38,16 @@ object-group ip address clearpass_servers
     10 10.1.40.115
     20 10.1.40.116
     30 10.1.40.117
+object-group ip address day-enterprise-servers
+    10 10.1.230.11
+    20 10.1.40.108
+    30 10.1.230.11
+    40 10.1.40.108
+object-group ip address dns-servers
+    10 10.1.40.10
+    20 10.1.48.11
+    30 10.1.40.10
+    40 10.1.48.11
 object-group ip address dom_cont
     10 10.1.40.10
     20 10.1.40.95
@@ -47,6 +57,11 @@ object-group ip address dom_cont
     60 10.1.48.10
 object-group ip address netadmin_hosts
     10 10.1.6.0/255.255.255.0
+object-group ip address ntp-servers
+    10 10.1.40.154
+    20 10.1.48.103
+    30 10.1.40.154
+    40 10.1.48.103
 object-group ip address rfc_1918
     10 10.0.0.0/255.0.0.0
     20 192.168.0.0/255.255.0.0
@@ -139,6 +154,16 @@ access-list ip Image-acl
     158 permit tcp any clearpass_servers group clearpass_tcp_ports
     160 deny any any any
 access-list ip hvac
+access-list ip hvac-acl
+    10 permit any 10.3.230.0/255.255.255.224 day-enterprise-servers
+    20 permit udp 10.3.230.0/255.255.255.224 dns-servers eq dns
+    30 permit udp 10.3.230.0/255.255.255.224 ntp-servers eq ntp
+    40 permit icmp 10.3.230.0/255.255.255.252 10.3.230.0/255.255.255.224
+    50 permit icmp 10.3.230.0/255.255.255.224 10.3.230.0/255.255.255.252
+    60 deny any any 10.0.0.0/255.0.0.0
+    70 deny any any 192.168.0.0/255.255.0.0
+    80 deny any any 172.16.0.0/255.240.0.0
+    90 permit tcp 10.3.230.0/255.255.255.224 any eq 587 log count
 access-list ip sbhc-acl
     10 comment SBHC_Out
     10 permit any sbhc_internal sbhc_external