When using downloadable ACLs it is my understanding that you specify a source address of "any" to represent the IP of the host authenticating to the FW. Is this true?
Assuming this is true, what would happen if you specified a host address in the downloadable ACL as opposed to using "any"? Would it then enforce that ACL? So I could maybe authenticate to the firewall as "BackupAdmin" and have it download an ACL which allows Server A to connect to the backup server? Even if I was authenticating from say, my workstation?
I am thinking (based on your response) that what I want to do is not possible...
The fundamental functionality of a DACL is a user has limited access, they hit the firewall, authenticate, and a new set of rules is applied which allows new access.
The intention of this (and possibly the only way it works) is for my workstation to have no access, my workstation to authenticate, and my workstation to have additional access. What I was inquiring about is the ability for a DACL to impact an unrelated system.
So, for example, my workstation has full access to everything, but Server A cannot talk to Server B. Could I hit the firewall from my workstation, authenticate, and download an ACL that allows Server A to then communicate with Server B?
Log in to the FXOS chassis manager.
Direct your browser to https://hostname/, and log in using the username and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...