I have a general question regarding firewalls, but specifically as it pertains to the CBAC firewall feature set on, say, a 2811. Assuming that I have an ISR with a serial interface on the WAN side and an Ethernet as the LAN side, an ACL set up on the WAN side pointed inward (to filter incoming traffic.) Now, I have to decide which type of traffic the CBAC should inspect on the WAN interface (inbound or outbound). It makes sense to me that the inbound traffic should be inspected after it clears the acl (since we're trying to protect ourselves from internal threats.) Is there any reason to inspect traffic headed outbound from the LAN side?
No, typically traffic is inspected inbound on LAN interface or outbound on WAN interface. You may want to inspect traffic outbound on WAN interface if you want to inspect traffic on multiple interfaces inbound on the same router.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...