On the ASA, an inbound access-list controls traffic coming into an interface, aka ingress traffic.
So if I have an Internet-facing interface (outside) with security 0, and I wanted to control inbound traffic through this interface to internal hosts (on a DMZ perhaps), I would apply the access-list like so:
access-group TEST in interface outside
But I am looking at a FWSM config that seems to be doing the opposite. It has a VLAN interface defined like this:
description Network Management VLAN
ip address 126.96.36.199 255.255.255.0
and an access-list that reads like this:
access-list NETWORKMGT-IN remark THESE ACL STATEMENT PERMIT TRAFFIC FROM INSIDE THE SUBNET TO OUTSIDE HOSTS
with the CITRIX-SERVERS as hosts on Vlan58 (188.8.131.52 /24)
and the access-list is applied as so:
access-group NETWORKMGT-IN in interface NetworkMgt
So what do we mean by "in"? This is obviously egress traffic out of the interface, not traffic coming into the interface from the outside. On the FWSM, do we control traffic into a VLAN with an outbound access-list?
This just seems strange to me. Any advice would help.
On FWSM, you need to apply an ACL on all interfaces to allow traffic through the FWSM.
So on the NetworkMgt interface, you would need to apply an ACL for traffic initiated from behind this interface towards other interfaces. Similarly, on the Outside interface, you would need to apply an ACL for traffic initiated behind the Outside interface (aka the Internet).
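An added illustration of the direction semantics in the reply above (not code from the thread and not Cisco's): "in" is judged from the firewall's side, so a new connection is checked against the ACL bound to the interface its source sits behind. The addressing, the security level of 100 for NetworkMgt and the helper names are assumptions; the no-ACL branch goes beyond the thread and models the ASA default of permitting higher-to-lower security traffic next to the FWSM default of denying it.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Interface:
    name: str
    security_level: int
    subnet: str           # addresses reachable behind this interface
    acl_in: list = None   # (action, src_net, dst_net) rules bound with "in"; None = no access-group

def behind(interfaces, ip):
    """Return the interface whose subnet most specifically contains ip."""
    hits = [i for i in interfaces if ip_address(ip) in ip_network(i.subnet)]
    return max(hits, key=lambda i: ip_network(i.subnet).prefixlen)

def evaluate(interfaces, src_ip, dst_ip, platform):
    """Decide a NEW connection; returns (action, interface whose 'in' ACL slot was consulted)."""
    ingress, egress = behind(interfaces, src_ip), behind(interfaces, dst_ip)
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    if ingress.acl_in is not None:
        for action, src_net, dst_net in ingress.acl_in:
            if src in ip_network(src_net) and dst in ip_network(dst_net):
                return action, ingress.name
        return "deny", ingress.name   # implicit deny at the end of every ACL
    # No ACL bound: ASA implicitly permits higher -> lower security level,
    # FWSM denies everything until an ACL is applied.
    if platform == "asa" and ingress.security_level > egress.security_level:
        return "permit", ingress.name
    return "deny", ingress.name

def topology(with_acl=True):
    # Constructed addressing; models "access-group NETWORKMGT-IN in interface NetworkMgt".
    acl = [("permit", "10.58.0.0/24", "0.0.0.0/0")] if with_acl else None
    return [Interface("NetworkMgt", 100, "10.58.0.0/24", acl),
            Interface("outside", 0, "0.0.0.0/0")]

if __name__ == "__main__":
    # Host behind NetworkMgt opens a connection to an outside host: NetworkMgt "in" ACL decides.
    print(evaluate(topology(), "10.58.0.10", "198.51.100.7", "fwsm"))
    # Outside host opens a connection toward the VLAN: the outside interface decides, not NetworkMgt.
    print(evaluate(topology(), "198.51.100.7", "10.58.0.10", "fwsm"))
    # Same outbound flow with no ACL bound on NetworkMgt, FWSM versus ASA.
    print(evaluate(topology(False), "10.58.0.10", "198.51.100.7", "fwsm"))
    print(evaluate(topology(False), "10.58.0.10", "198.51.100.7", "asa"))
```

The model covers connection initiation only; return traffic for a permitted connection is handled by the firewall's state table and is not re-checked against these ACLs.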