Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
876
Views
4
Helpful
3
Replies

Firewall rule line placement in fwsm sequentially

Go to solution
suthomas1
Level 6
Level 6

‎07-15-2009 06:37 AM - edited ‎03-11-2019 08:55 AM

I have query regarding placement of rules on fwsm using cli when inserting new acl's for getting correct sequence.

Would the original acl occupying the particular line no. be removed if i try to add/insert another acl starting with same line no(one for remark & one for actual acl)before/after(or actually in place of existing since we use that line no.) the existing acl?

eg:-(existing rules)

acl test_in line 124 remark allow to sql

acl test_in line 125 permit tcp host 192.168.100.2 host 192.168.20.5 eq 1433

acl test_in line 126 permit tcp object-group test_1 object-group test_2 object-groupTCP_4

access-list check_access line 125 extended permit tcp host users host 192.168.100.10 eq 1521

I need to insert following two line rule after rule125 ( in place of 126)

acl test_in line 126 remark allow to smb

acl test_in line 125 permit tcp host 192.168.100.100 host 192.168.20.10 eq 1433

If i insert this after rule 125 , will it push existing line 126 further ahead or remove it completely?

Also, if am correct the more specific rules should be put on top before the broad rules, correct?

Kindly help to understand.

Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to suthomas1

‎07-15-2009 08:19 AM

"But for sure, doing such insertions wont cause any of the rules/remarks to be removed right."

No rules should be removed. They simply get a different line number.

Jon

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎07-15-2009 07:52 AM

Sunny

"If i insert this after rule 125 , will it push existing line 126 further ahead or remove it completely?"

It will push existing line 126 further ahead.

"Also, if am correct the more specific rules should be put on top before the broad rules, correct?"

Correct.

Jon

Go to solution
suthomas1
Level 6
Level 6
In response to Jon Marshall

‎07-15-2009 08:14 AM

Thanks Jon.

But for sure, doing such insertions wont cause any of the rules/remarks to be removed right.

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to suthomas1

‎07-15-2009 08:19 AM

"But for sure, doing such insertions wont cause any of the rules/remarks to be removed right."

No rules should be removed. They simply get a different line number.

Jon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card