Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4654
Views
0
Helpful
1
Replies

what is the difference between drop and deny?

sherwin.alcantara
Level 1
Level 1

‎01-27-2014 11:06 PM - edited ‎03-11-2019 08:36 PM

HI Guys I have read many articles but I need a details explanation on what is the difference between drop and deny.

Your answers are really appreciated.  Thanks!

Labels:
0 Helpful
1 Reply 1

Jouni Forss
VIP Alumni
VIP Alumni

‎01-27-2014 11:43 PM

Hi,

I am not sure if there really is much difference in the end result.

Traffic might be Denied by the firewall configuration and it will be therefore Dropped. Traffic might be Denied due the interface ACLs or perhaps because there was a packet arriving on ASA that was supposedly part of an existing connection for which ASA does not have information in its connection table (end result is till Drop). Traffic might be Dropped because of the previously mentioned Deny caused by ACL. It might also be Dropped because of missconfigured NAT for example

Is some specific situation unclear related to these or why are you asking?

- Jouni

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card