TurboACLs are a new feature in PIX firewall software version 6.2 that compiles a long or complex ACL to enable faster processing of traffic through the ACL. TurboACLs do not speed up short ACLs; in fact, the PIX will not enable this feature on an ACL unless it is over 18 lines. TurboACL creates an index that enables the PIX to process the ACL faster.

The index created by a TurboACL requires a fair amount of resources, and should not be configured on anything lower than a 525 series firewall. To enable the TurboACL feature on all ACLs of the PIX, use the access-list compiled global command, which compiles all ACLs over 18 lines long. To verify that the TurboACLs are indeed turned on, issue a show access-list command:

PIX1(config)# <b class="bold">show access-list</b>access-list compiledaccess-list inside_public turbo-configured; 3 elementsaccess-list inside_public permit ip 10.1.1.0 255.255.255.0 any (hitcnt=0)access-list inside_public permit ip 10.1.2.0 255.255.255.0 any (hitcnt=0)access-list inside_public permit ip 10.1.3.0 255.255.255.0 any (hitcnt=0)

TurboACLs can be turned on and off for individual ACLs with the access-list compiled command. This feature can be very useful if there are only a few ACLs that need to be optimized. An example of individual compiling is shown here.

PIX1(config)# <b class="bold">no access-list compiled</b>PIX1(config)# <b class="bold">access-list outside_in compiled</b>