04-19-2009 02:50 AM - edited 03-04-2019 04:25 AM
I want to protect the WAN interface, but I am not sure what technology I should use: ACL or IOS Firewall?
I use WAN interface for:
1. NAT outside
2. IPSEC VTI to branches.
3. EasyVPN for home users.
What is the practical difference between ACL and IOS Firewall?
04-19-2009 03:08 AM
"What is the practical difference between ACL and IOS Firewall?"
An IOS firewall is richer in features. For example, one major difference: most "ordinary" ACLs are stateless, while firewall rules often can be stateful. However, reflexive ACLs are stateful too, but they might not cover as many stateful situations as firewall rules.
More information for IOS firewalls can be found here: http://www.cisco.com/en/US/products/sw/secursw/ps1018/index.html
Configuration guide for reflexive ACLs: http://www.cisco.com/en/US/docs/ios/12_2/security/command/reference/srfreflx.html
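The stateless/stateful difference described in the reply above, as an added configuration example that is not part of the original post. The WAN address 203.0.113.1, the interface name and the ACL names are constructed placeholders, and the permitted tunnel protocols assume the IPsec and EasyVPN usage from the question.

```cisco
! Constructed example: 203.0.113.1 and GigabitEthernet0/0 are placeholders.
!
! --- Stateless: ordinary extended ACL ---
! "established" only tests for the ACK or RST bit in each TCP segment.
! No session table is kept, so any segment with ACK set is accepted,
! and replies to outbound UDP cannot be matched this way at all.
ip access-list extended WAN-IN-STATELESS
 remark IPsec / EasyVPN terminating on the router
 permit esp any host 203.0.113.1
 permit udp any host 203.0.113.1 eq isakmp
 permit udp any host 203.0.113.1 eq non500-isakmp
 permit tcp any any established
 deny   ip any any log
!
! --- Stateful: reflexive ACL ---
! Each outbound session creates a temporary mirrored entry in
! RETURN-TRAFFIC; inbound packets are accepted only if they match one.
ip access-list extended WAN-OUT
 permit tcp any any reflect RETURN-TRAFFIC
 permit udp any any reflect RETURN-TRAFFIC
 permit icmp any any reflect RETURN-TRAFFIC
!
ip access-list extended WAN-IN
 remark IPsec / EasyVPN terminating on the router
 permit esp any host 203.0.113.1
 permit udp any host 203.0.113.1 eq isakmp
 permit udp any host 203.0.113.1 eq non500-isakmp
 remark Return traffic for sessions opened from the inside
 evaluate RETURN-TRAFFIC
 deny   ip any any log
!
! Idle timeout (seconds) for the temporary reflexive entries
ip reflexive-list timeout 120
!
interface GigabitEthernet0/0
 ip access-group WAN-IN in
 ip access-group WAN-OUT out
```

Outbound ACLs do not filter traffic generated by the router itself, so no reflexive entries are created for it, and reflexive ACLs do not follow applications that change port numbers mid-session (active FTP, for example).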
04-19-2009 06:05 AM
Thank you.
04-19-2009 06:07 AM
And as I understand, there are two different IOS firewalls: CBAC and Zone-based firewall? Correct? So what is the difference?
04-19-2009 07:48 AM
Zone based is the newer one. If I recall correctly, it allows security to be defined relative to "zones" to which an interface or interfaces are attached. CBAC, I think, is defined per interface. There are some feature differences too; CBAC having, I believe, some that zone based doesn't yet have (although they are on the road map).