Cisco Support Community

ACL

Hi,

Do the ACL rules prevail over the basic rule that traffic can freely flow from higher to lower security interfaces? In other words: whenever I place an ACL (with implicit deny any) on a user interface (like sec 100), I must specify that traffic towards Internet (sec 0) addresses is allowed though. Right or wrong?

Thank you

Accepted Solutions

Re: ACL

Hi,

Do the ACL rules prevail over the basic rule that traffic can freely flow from higher to lower security interfaces?

Yes. It is. By default all traffic is permitted (implicit permit) from a high security level interface to a low security level interface. If you are placing any ACL on the high security interface, that implicit permit ACL will be removed by default.

Based on your new ACL, the traffic will move from the high security level interface to the low security interface for those specific sources and destinations.

Regards

Karuppu
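
The behaviour described in the accepted answer, as an added Python model (not part of the original thread and not Cisco code): once an ACL is bound inbound on an interface, first match plus the implicit deny decides, and the security-level default no longer applies. Interface names, addresses and ACL entries are constructed; return traffic of established flows, NAT and global ACLs are not modelled.

```python
import ipaddress

# Constructed sample topology: interface name -> security level
LEVELS = {"inside": 100, "dmz": 50, "outside": 0}

# Constructed inbound ACL for "inside": (action, source, destination).
# Evaluated top-down, first match wins; nothing is listed for the final deny.
INSIDE_IN = [
    ("deny",   "10.1.1.0/24", "10.2.2.0/24"),  # users -> dmz servers blocked
    ("permit", "10.1.1.0/24", "0.0.0.0/0"),    # users -> everything else (Internet)
]

def acl_decision(acl, src, dst):
    """First matching entry decides; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action
    return "deny"  # implicit "deny any" at the end of every ACL

def new_connection(in_if, out_if, src, dst, acls):
    """Decide a NEW connection entering on in_if and leaving via out_if.

    acls maps interface name -> ACL bound inbound on that interface.
    """
    acl = acls.get(in_if)
    if acl is not None:
        # An ACL is bound to the ingress interface: security levels no longer decide.
        return acl_decision(acl, src, dst)
    # No ACL bound: default behaviour, higher level -> lower level only.
    return "permit" if LEVELS[in_if] > LEVELS[out_if] else "deny"

if __name__ == "__main__":
    user, web = "10.1.1.5", "203.0.113.10"   # constructed addresses
    dmz_only = {"inside": [("permit", "10.1.1.0/24", "10.2.2.0/24")]}
    print("no ACL        :", new_connection("inside", "outside", user, web, {}))
    print("dmz-only ACL  :", new_connection("inside", "outside", user, web, dmz_only))
    print("with INSIDE_IN:", new_connection("inside", "outside", user, web,
                                            {"inside": INSIDE_IN}))
```

The middle case is the one asked about: an ACL that only permits traffic to the DMZ silently drops Internet-bound traffic from the sec 100 interface until an explicit permit is added.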
