Jon Marshall Wed, 05/19/2010 - 09:19
What exactly do you mean by one-way traffic?


accesshollywood2 Wed, 05/19/2010 - 09:55

For instance, if a server was only able to send traffic out the firewall interface but not receive...

or for the server to receive traffic but not send... I know it sounds a little confusing, but it's how it has to be...

I know about duplex, but this is a different scenario.

Permit one-way traffic from a host to a destination on a firewall...

John Blakley Wed, 05/19/2010 - 10:00

The firewall is going to allow return traffic. If you want your server to accept traffic on port 80, then set your ACL up on the outside interface (assuming you want the public to get to it) and they'll be able to. You won't be able to do a "one-way" scenario though because of the way TCP works. It has to be able to answer the SYN packet that's sent, so if you open anything up it would need to be bidirectional.

If you want to allow only your server out to the web, but not allow anyone to it or allow the server anywhere else, put an ACL on the DMZ or inside interface (wherever your server is) and only allow that one server through that one port. Everything else would be denied, and no one would be able to get to it from the outside because you're not allowing sessions to be created from the outside.

If this doesn't answer your question, it'd be helpful if you told us your exact scenario.
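To make the two points in the answer above concrete (return traffic of an established session is permitted without a matching ACL entry, and a TCP handshake cannot complete if replies are blocked), here is a small model of a stateful firewall. It is an added example written for this thread, not Cisco code and not anything posted by the participants: the interface names, the server address 10.1.2.10 and the outside client 198.51.100.7 are constructed, and the ACL semantics (first match wins, implicit deny at the end, ACL applied to packets entering an interface) are a simplification of how an ASA-style firewall evaluates an access-group.

```python
"""Toy stateful firewall: per-interface inbound ACLs plus a connection table.

Constructed illustration of the thread's reasoning; not a Cisco implementation.
Addresses, interfaces and port numbers below are made-up sample values.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

@dataclass(frozen=True)
class Packet:
    ingress: str          # interface the packet arrives on ("dmz", "outside")
    proto: str            # "tcp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""       # "S", "SA", "A"; informational only in this model

@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    proto: str            # "tcp" or "ip" (ip matches any protocol)
    src: str              # address or "any"
    dst: str              # address or "any"
    dport: Optional[int]  # None = any destination port

    def matches(self, p: Packet) -> bool:
        return (self.proto in (p.proto, "ip")
                and self.src in (p.src, "any")
                and self.dst in (p.dst, "any")
                and self.dport in (p.dport, None))

FlowKey = Tuple[str, str, int, str, int]

class StatefulFirewall:
    def __init__(self, acls: Dict[str, List[Rule]], track: bool = True):
        self.acls = acls            # ACL applied to traffic entering each interface
        self.track = track          # False = stateless packet filter, for contrast
        self.conns: Set[FlowKey] = set()

    @staticmethod
    def _key(p: Packet) -> FlowKey:
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reverse(p: Packet) -> FlowKey:
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def process(self, p: Packet) -> bool:
        # 1. Packets belonging to a known session (either direction) bypass the ACL.
        if self.track and (self._key(p) in self.conns or self._reverse(p) in self.conns):
            return True
        # 2. Otherwise the ingress ACL decides; first match wins, implicit deny.
        for rule in self.acls.get(p.ingress, []):
            if rule.matches(p):
                if rule.action == "permit":
                    self.conns.add(self._key(p))   # new session created
                    return True
                return False
        return False

SERVER = "10.1.2.10"        # constructed DMZ host
CLIENT = "198.51.100.7"     # constructed outside host

def build_dmz_egress_only(track: bool = True) -> StatefulFirewall:
    """The answer's second scenario: server may reach the web on tcp/80, nothing else,
    and nothing is permitted inbound on the outside interface."""
    return StatefulFirewall({
        "dmz": [Rule("permit", "tcp", SERVER, "any", 80),
                Rule("deny", "ip", "any", "any", None)],
        "outside": [],
    }, track=track)

def server_to_web_handshake(fw: StatefulFirewall) -> List[bool]:
    """SYN out, SYN-ACK back, ACK out: verdict for each packet."""
    syn = Packet("dmz", "tcp", SERVER, 40001, CLIENT, 80, "S")
    synack = Packet("outside", "tcp", CLIENT, 80, SERVER, 40001, "SA")
    ack = Packet("dmz", "tcp", SERVER, 40001, CLIENT, 80, "A")
    return [fw.process(syn), fw.process(synack), fw.process(ack)]

def outside_to_server(fw: StatefulFirewall) -> bool:
    """Unsolicited SYN from outside to the server's port 80."""
    return fw.process(Packet("outside", "tcp", CLIENT, 51000, SERVER, 80, "S"))

def server_to_other_port(fw: StatefulFirewall) -> bool:
    """Server trying a port other than the one permitted."""
    return fw.process(Packet("dmz", "tcp", SERVER, 40002, CLIENT, 22, "S"))

if __name__ == "__main__":
    fw = build_dmz_egress_only()
    print("stateful handshake:", server_to_web_handshake(fw))        # [True, True, True]
    print("outside -> server:", outside_to_server(fw))                # False
    print("server -> tcp/22:", server_to_other_port(fw))              # False
    print("stateless handshake:", server_to_web_handshake(build_dmz_egress_only(track=False)))  # [True, False, True]
```

The stateless run is the "one-way" case the original poster asked for: the outbound SYN passes the DMZ ACL, but with no session state and nothing permitted on the outside interface the SYN-ACK is dropped, so the connection never comes up. The stateful run shows why a single permit on the DMZ interface is enough in practice: the reply is admitted because a session exists, while a fresh SYN from outside has no session and no permitting rule.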
