Cisco Support Community
Community Member

8.3 Global Access Policy Question

Per the release notes:

If the configuration specifies both a global access policy and interface-specific access policies, the interface-specific policies are evaluated before the global policy.

How does this work with the implicit deny rules on an interface? I'm assuming that it evaluates all the user-defined access rules on the interface, but doesn't run it through the implicit deny all on the interface, then runs it through the global policy. If nothing matches in the global scope, then an implicit deny is matched at the end of the global policy - is this correct?

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: 8.3 Global Access Policy Question

You are correct.

There is no implicit deny on the interface ACL if there is a global ACL defined.

I hope it helps.

PK

2 REPLIES
Community Member

Re: 8.3 Global Access Policy Question

Excellent - my testing looked like that was the case, but I just wanted confirmation.  Thanks so much.
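
A small Python model of the evaluation order confirmed in this thread, added here as an illustration; it was not posted by any participant and is not Cisco code. The rule format, the ACL names and the addresses are constructed, and the model covers only ACL ordering (no NAT, security levels or object groups).

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str                 # "permit" or "deny"
    src: str                    # source network in CIDR form
    dst: str                    # destination network in CIDR form
    port: Optional[int] = None  # None matches any destination port

def _matches(rule, src, dst, port):
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
            and rule.port in (None, port))

def evaluate(interface_acl, global_acl, src, dst, port):
    """Return (action, deciding stage) using the order described in the thread."""
    # 1. User-defined rules of the interface ACL, first match wins.
    for i, rule in enumerate(interface_acl, 1):
        if _matches(rule, src, dst, port):
            return rule.action, f"interface rule {i}"
    # 2. With no global ACL, the interface ACL ends in its own implicit deny.
    if global_acl is None:
        return "deny", "implicit deny (interface)"
    # 3. Otherwise evaluation continues into the global ACL...
    for i, rule in enumerate(global_acl, 1):
        if _matches(rule, src, dst, port):
            return rule.action, f"global rule {i}"
    # 4. ...and the only implicit deny sits at the end of the global policy.
    return "deny", "implicit deny (global)"

# Constructed sample policy (addresses from documentation ranges).
OUTSIDE_IN = [Rule("permit", "0.0.0.0/0", "192.0.2.10/32", 443)]
GLOBAL = [Rule("permit", "198.51.100.0/24", "192.0.2.0/24", 22)]
# Same interface ACL with an explicit catch-all deny appended by an admin.
OUTSIDE_IN_STRICT = OUTSIDE_IN + [Rule("deny", "0.0.0.0/0", "0.0.0.0/0")]

if __name__ == "__main__":
    flows = [("203.0.113.5", "192.0.2.10", 443),
             ("198.51.100.7", "192.0.2.20", 22),
             ("203.0.113.5", "192.0.2.20", 22)]
    for flow in flows:
        print(flow, evaluate(OUTSIDE_IN, GLOBAL, *flow),
              evaluate(OUTSIDE_IN_STRICT, GLOBAL, *flow))
```

The `OUTSIDE_IN_STRICT` case shows a consequence of this ordering: an explicit catch-all deny written into the interface ACL matches first, so the global policy is never consulted for traffic on that interface.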
