Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

dany any any

i ask if i need to write at the end of ACl this command

access-list outgoing extended deny ip any any

2 REPLIES
Hall of Fame Super Blue

Re: dany any any

Hi

You don't need to add this as there is an implicit deny at the end of the access-list anyway so any packets not permitted in your access-list will be dropped.

The only reason you may want to add it is so you can see how many packets your firewall is dropping by looking at the hit counters.

HTH

Jon

Silver

Re: dany any any

That is true, Implicit deny always there... But it is require only the time of troubleshooting or some of testing time.

to check the hit comes ot not...by command

show access-list outgoing

Regards,

Dharmesh Purohit

154
Views
0
Helpful
2
Replies
CreatePlease to create content