New Member

Firewall rule line placement in fwsm sequentially

I have a query regarding the placement of rules on the FWSM using the CLI when inserting new ACLs to get the correct sequence.

Would the original ACL occupying a particular line no. be removed if I try to add/insert another ACL starting with the same line no. (one for the remark & one for the actual ACL) before/after (or actually in place of the existing one, since we use that line no.) the existing ACL?

E.g. (existing rules):

acl test_in line 124 remark allow to sql

acl test_in line 125 permit tcp host 192.168.100.2 host 192.168.20.5 eq 1433

acl test_in line 126 permit tcp object-group test_1 object-group test_2 object-group TCP_4

access-list check_access line 125 extended permit tcp host users host 192.168.100.10 eq 1521

I need to insert the following two-line rule after rule 125 (in place of 126):

acl test_in line 126 remark allow to smb

acl test_in line 125 permit tcp host 192.168.100.100 host 192.168.20.10 eq 1433

If I insert this after rule 125, will it push existing line 126 further ahead or remove it completely?

Also, if I am correct, the more specific rules should be put on top before the broad rules, correct?

Kindly help to understand.

Thanks.

3 REPLIES
Hall of Fame Super Blue

Re: Firewall rule line placement in fwsm sequentially

Sunny

"If I insert this after rule 125, will it push existing line 126 further ahead or remove it completely?"

It will push existing line 126 further ahead.

"Also, if I am correct, the more specific rules should be put on top before the broad rules, correct?"

Correct.

Jon

New Member

Re: Firewall rule line placement in fwsm sequentially

Thanks Jon.

But for sure, doing such insertions won't cause any of the rules/remarks to be removed, right?

Hall of Fame Super Blue

Re: Firewall rule line placement in fwsm sequentially

"But for sure, doing such insertions won't cause any of the rules/remarks to be removed, right?"

No rules should be removed. They simply get a different line number.

Jon
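
A Python model of the two points confirmed in the answers above, added here as an example and not part of the original thread or any device output: inserting at a line shifts existing entries down without removing them, and a specific rule placed below a broad one is fully covered by it. Lines 1-3 stand in for the thread's lines 124-126, the /24 rule is a constructed stand-in for the object-group entry, and `Entry`, `insert_at`, `covers` and `shadowed` are hypothetical names.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Entry:
    action: str                  # "remark", "permit" or "deny"
    src: str = ""                # CIDR; "host x" is written as x/32
    dst: str = ""
    port: Optional[int] = None   # None = any TCP port
    text: str = ""               # remark text

def insert_at(acl, line, *new):
    """Place `new` so its first entry takes 1-based `line`; existing entries
    from that line onward shift down. Nothing is overwritten."""
    idx = min(max(line, 1), len(acl) + 1) - 1
    return acl[:idx] + list(new) + acl[idx:]

def covers(a, b):
    """True if every packet matching b also matches a."""
    net = ipaddress.ip_network
    return (net(b.src).subnet_of(net(a.src))
            and net(b.dst).subnet_of(net(a.dst))
            and (a.port is None or a.port == b.port))

def shadowed(acl):
    """(line, earlier_line) for each rule that an earlier rule fully covers."""
    rules = [(n, e) for n, e in enumerate(acl, 1) if e.action != "remark"]
    hits = []
    for n, later in rules:
        for m, earlier in rules:
            if m >= n:
                break
            if covers(earlier, later):
                hits.append((n, m))
                break
    return hits

# Constructed sample data (assumption: a short ACL instead of 120+ lines).
BROAD = Entry("permit", "192.168.100.0/24", "192.168.20.0/24")
ACL = [Entry("remark", text="allow to sql"),
       Entry("permit", "192.168.100.2/32", "192.168.20.5/32", 1433),
       BROAD]
NEW = (Entry("remark", text="allow to smb"),
       Entry("permit", "192.168.100.100/32", "192.168.20.10/32", 1433))

inserted = insert_at(ACL, 3, *NEW)   # broad rule moves from line 3 to line 5
appended = insert_at(ACL, 4, *NEW)   # new rule lands below the broad rule
```

Running `shadowed()` over a planned ACL before applying it flags entries that an earlier, broader entry already covers.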
