So what is a standard number of ACL lines once you have expanded out all your object-groups and such?
I was curious and looked at one of our FWs and we had 319,330 lines. How normal is that? (Seems like a lot to me.)
On a perimeter or data center big bad firewall with contexts and what-not, yes, they can get that big, especially if they got to the point where people couldn't check to see if the object/rule was already there, so they just added another rule. I had one firewall that had 5 complete rules that each governed the same traffic between endpoints.
Get you some firewall management software in action and clean up the rule sets.
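An added example, not part of the thread above: a sketch of the duplicate check the reply describes, assuming the expanded rule set comes from Cisco ASA-style `show access-list` output (the thread does not name the platform; the ACL name, object-group names, addresses and hit counts in the sample are constructed). It flags only exact duplicate expanded entries that come from different configured lines, not overlapping or shadowed rules.

```python
import re
from collections import defaultdict

# Constructed sample in the style of ASA "show access-list" output (assumed format).
# Indented lines are the expansion of the object-group line above them.
SAMPLE = """\
access-list OUTSIDE_IN line 1 extended permit tcp object-group WEB_CLIENTS host 10.1.1.10 eq https (hitcnt=42) 0x00000001
  access-list OUTSIDE_IN line 1 extended permit tcp host 192.0.2.10 host 10.1.1.10 eq https (hitcnt=40) 0x00000002
  access-list OUTSIDE_IN line 1 extended permit tcp host 192.0.2.11 host 10.1.1.10 eq https (hitcnt=2) 0x00000003
access-list OUTSIDE_IN line 2 extended permit tcp host 192.0.2.10 host 10.1.1.10 eq https (hitcnt=0) 0x00000004
access-list OUTSIDE_IN line 3 extended permit tcp object-group PARTNERS host 10.1.1.10 eq https (hitcnt=0) 0x00000005
  access-list OUTSIDE_IN line 3 extended permit tcp host 192.0.2.11 host 10.1.1.10 eq https (hitcnt=0) 0x00000006
  access-list OUTSIDE_IN line 3 extended permit tcp host 198.51.100.5 host 10.1.1.10 eq https (hitcnt=0) 0x00000007
access-list OUTSIDE_IN line 4 extended deny ip any any (hitcnt=7) 0x00000008
"""

ACE_RE = re.compile(r"^(\s*)access-list (\S+) line (\d+) extended (.+?)\s+\(hitcnt=(\d+)\)")

def expanded_aces(text):
    """Return [(acl, config_line, ace_body, hitcnt)] counting only fully expanded entries."""
    parents, children = {}, defaultdict(list)
    for raw in text.splitlines():
        m = ACE_RE.match(raw)
        if not m:
            continue  # headers, remarks, blank lines
        indent, acl, line, body, hits = m.groups()
        entry = (acl, int(line), " ".join(body.split()), int(hits))
        if indent:
            children[(acl, int(line))].append(entry)
        else:
            parents[(acl, int(line))] = entry
    out = []
    for key in sorted(set(parents) | set(children)):
        # An object-group line is a summary: count its expansion, not the line itself.
        out.extend(children.get(key) or [parents[key]])
    return out

def duplicate_aces(text):
    """Map (acl, ace_body) -> [(config_line, hitcnt), ...] for entries defined by more than one line."""
    seen = defaultdict(list)
    for acl, line, body, hits in expanded_aces(text):
        seen[(acl, body)].append((line, hits))
    return {k: v for k, v in seen.items() if len({ln for ln, _ in v}) > 1}

if __name__ == "__main__":
    print(len(expanded_aces(SAMPLE)), "expanded entries")
    for (acl, body), where in duplicate_aces(SAMPLE).items():
        print(f"{acl}: '{body}' defined by config lines {[ln for ln, _ in where]}")
```

The zero hit counts on the later copies show which configured lines never match because an earlier line already handles the traffic.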