New Member

A question about ASA 8.3 global ACLs against interface ACLs

Hello Cisco Experts,

I have a question about the Global ACLs feature introduced in ASA 8.3.

Which ACLs are matched first, Global ACLs or the regular interface-based ACLs?

As I understood, if both Global and interface-based ACLs exist in the policy, the firewall will try to match (incoming/outgoing) traffic against the interface-based ACLs, and if no match is found then the firewall tries to match the traffic against the Global ACLs.

Is that correct?

Thank you

Accepted Solutions
Cisco Employee

Re: A question about ASA 8.3 global ACLs against interface ACLs

It matches interface ACL first before global.

Here is the documentation for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/access_rules.html#wp1083595

####

You can configure global access rules in conjunction with interface access rules, in which case, the specific interface access rules are always processed before the general global access rules.

####
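
The ordering described in the accepted answer, as an added example that is not part of the original thread or Cisco's code: a simplified Python model of first-match evaluation in which the interface ACL is searched before the global ACL. The rule format, the sample policy (documentation address ranges) and the single implicit deny placed after the global list are assumptions of this model.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str          # "permit" or "deny"
    proto: str           # "tcp", "udp", or "ip" for any protocol
    src: str             # source network, CIDR
    dst: str             # destination network, CIDR
    port: Optional[int]  # destination port, None for any

class Packet(NamedTuple):
    proto: str
    src: str
    dst: str
    port: int

def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.proto in ("ip", pkt.proto)
            and ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and rule.port in (None, pkt.port))

def evaluate(pkt, interface_acl, global_acl):
    """First match wins; the interface list is searched before the global list."""
    for name, acl in (("interface", interface_acl), ("global", global_acl)):
        for idx, rule in enumerate(acl, start=1):
            if matches(rule, pkt):
                return rule.action, f"{name} rule {idx}"
    # Assumption of this model: one implicit deny, after the global list.
    return "deny", "implicit deny"

# Constructed sample policy using documentation address ranges.
OUTSIDE_IN = [
    Rule("permit", "tcp", "0.0.0.0/0", "192.0.2.10/32", 443),
    Rule("deny", "tcp", "203.0.113.0/24", "192.0.2.0/24", 25),
]
GLOBAL = [
    Rule("deny", "ip", "0.0.0.0/0", "192.0.2.10/32", None),  # shadowed for tcp/443
    Rule("permit", "tcp", "0.0.0.0/0", "192.0.2.0/24", 25),  # shadowed for 203.0.113.0/24
]

if __name__ == "__main__":
    for pkt in (Packet("tcp", "198.51.100.7", "192.0.2.10", 443),
                Packet("tcp", "203.0.113.5", "192.0.2.20", 25),
                Packet("tcp", "198.51.100.7", "192.0.2.20", 25),
                Packet("udp", "198.51.100.7", "192.0.2.10", 53),
                Packet("udp", "198.51.100.7", "192.0.2.20", 53)):
        print(pkt, "->", evaluate(pkt, OUTSIDE_IN, GLOBAL))
```

The first two packets are decided by the interface ACL even though a global rule says the opposite, which is the case to look for when auditing a policy that uses both kinds of rule.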

New Member

Re: A question about ASA 8.3 global ACLs against interface ACLs

Thanks a lot
