Community Member

Hardening of Firewall

Can anyone explain to me the Cleanup & Stealth rules of the ASA F/W? Kindly advise how to configure them.


Re: Hardening of Firewall

Stealth Rule (putting management ACEs at the top of your ACL): This is not relevant to Cisco firewalls as the two ACLs are completely separate entities.

Cleanup Rule (denying all traffic that is not explicitly permitted): This is implicit in every ACL on a Cisco product. There is always an implicit deny at the end of every ACL.


Community Member

Re: Hardening of Firewall

It's not clear about the stealth rule.

Kindly explain hardening of the firewall, like how to stop a DoS attack. How do I save my network from hackers, because my firewall's open ports are 53 & 80 due to running a web server and DNS forwarding?

Re: Hardening of Firewall

By definition, a stealth rule defines the policy that restricts access to the firewall itself and protects the firewall from traffic directed towards itself.

In Cisco firewalls the direct traffic (Telnet, SSH, ICMP, HTTP...) is controlled separately.

"Traffic through the firewall" is controlled by ACLs and "traffic to the firewall" is controlled by a separate set of commands.

For Cisco's recommendation on FW hardening p

Check the examples on Cisco SAFE Blueprint

SAFE: A Security Blueprint for Enterprise Networks

SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User


Syed Iftekhar Ahmed
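The split described in this thread, shown as an ASA configuration sketch. This is an added example, not part of any post above; the interface names `inside`/`outside`, the management subnet 10.1.1.0/24, the server address 192.0.2.10 and the ACL name `OUTSIDE_IN` are constructed placeholders, and the server address in the ACL must match how your ASA version and NAT setup expect it.

```cisco
! --- Traffic TO the firewall (the "stealth rule" equivalent) ---
! Management access is granted per source network and interface,
! independently of any access-list applied to transit traffic.
ssh 10.1.1.0 255.255.255.0 inside
ssh timeout 10
http server enable
http 10.1.1.0 255.255.255.0 inside
! No ssh, http or telnet statement names the outside interface,
! so the ASA accepts no management sessions arriving on it.
! ICMP addressed to the outside interface itself is dropped.
icmp deny any outside
!
! --- Traffic THROUGH the firewall ---
! Only the two published services from the question are permitted.
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq www
access-list OUTSIDE_IN extended permit udp any host 192.0.2.10 eq domain
! Cleanup rule: the implicit deny already ends the ACL. This explicit
! entry changes nothing about what is blocked; it adds hit counts and
! log messages for the dropped traffic.
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
```

`show access-list OUTSIDE_IN` then reports hit counts per entry, including the explicit deny.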
