A couple of tools can be used. If there is an access-list issue, you can "show access-list" and watch for hits. Better still is the packet tracer utility. Using it, one can test the firewall's handling of a hypothetical flow and tell if it pases or, if it fails, why it does. See the syntax and examples in the command reference. You can also capture traffic but that won't necessarily show you how the firewall is handling the traffic.
Well-established and unchanging FQDNs can indeed be used in access-lists (assuming your ASA can resolve them on a configured DNS server).
I'm just saying that, for instance, when I browse from my Windows 7 machine to windowsupdate.microsoft.com, it redirects to update.microsoft.com (at the same IP) which in turn instructs me to use the control panel applet. When I do that (and watch the connections from my machine) I see a connection open up to another address in the same network. A simple FQDN in the access-list might not follow all of that web redirection.
Upgrading from 7.2 to 8.2 is supported. Reference here.
Thank you all! Beside the question above, can anyone tell me why my static ip address stop working. I created a static ip address which allow external traffic to access internal hosts. As you can see below, I added these lines:
access-list outside_access_in extended permit ip any host 22.214.171.124
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...