Hello Cisco Experts,
I have a question about the Global ACLs feature introduced in ASA 8.3.
Which ACLs are matched first, Global ACLs or the regular interface-based ACLs?
As I understood, if both Global and interface-based ACLs exist in the policy, the firewall will try to match (incoming/outgoing) traffic against the interface-based ACLs, and if no match is found then the firewall tries to match the traffic against the Global ACLs.
Is that correct?
It matches the interface ACL first, before global.
Here is the documentation for your reference:
You can configure global access rules in conjunction with interface access rules, in which case, the specific interface access rules are always processed before the general global access rules.
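The lookup order quoted above, modelled as an added example that is not part of the original thread or of Cisco's documentation. The rule lists, addresses and the `evaluate` helper are constructed for illustration, and the model assumes a single implicit deny applied only after both lists have been searched.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str                 # "permit" or "deny"
    proto: str                  # "tcp", "udp", or "ip" for any protocol
    src: str                    # source network in CIDR form
    dst: str                    # destination network in CIDR form
    port: Optional[int] = None  # destination port, None matches any

def matches(rule, proto, src, dst, port):
    """True when the packet falls inside every field of the rule."""
    return (rule.proto in ("ip", proto)
            and ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
            and rule.port in (None, port))

def evaluate(interface_acl, global_acl, proto, src, dst, port):
    """First match wins: interface rules are searched before global rules.

    Returns (action, where), where 'where' names the list that decided.
    """
    for where, acl in (("interface", interface_acl), ("global", global_acl)):
        for rule in acl:
            if matches(rule, proto, src, dst, port):
                return rule.action, where
    # Assumption of this model: one implicit deny after both lists.
    return "deny", "implicit"

# Constructed sample policy (documentation address ranges).
OUTSIDE_IN = [
    Rule("deny", "tcp", "0.0.0.0/0", "192.0.2.10/32", 22),
    Rule("permit", "tcp", "0.0.0.0/0", "192.0.2.10/32", 443),
]
GLOBAL = [
    Rule("permit", "tcp", "198.51.100.0/24", "192.0.2.0/24", 22),
    Rule("deny", "ip", "203.0.113.0/24", "0.0.0.0/0"),
]

if __name__ == "__main__":
    for pkt in [("tcp", "198.51.100.5", "192.0.2.10", 22),
                ("tcp", "198.51.100.5", "192.0.2.20", 22),
                ("tcp", "203.0.113.9", "192.0.2.10", 443),
                ("udp", "10.0.0.1", "192.0.2.10", 53)]:
        print(pkt, "->", evaluate(OUTSIDE_IN, GLOBAL, *pkt))
```

The first and third packets show the practical consequence when auditing a policy: an interface rule that matches hides any global rule for the same traffic, whether the global rule would have permitted or denied it.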