Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

what is the difference between drop and deny?

HI Guys I have read many articles but I need a details explanation on what is the difference between drop and deny.

Your answers are really appreciated.  Thanks!

1 REPLY
Super Bronze

what is the difference between drop and deny?

Hi,

I am not sure if there really is much difference in the end result.

Traffic might be Denied by the firewall configuration and it will be therefore Dropped. Traffic might be Denied due the interface ACLs or perhaps because there was a packet arriving on ASA that was supposedly part of an existing connection for which ASA does not have information in its connection table (end result is till Drop). Traffic might be Dropped because of the previously mentioned Deny caused by ACL. It might also be Dropped because of missconfigured NAT for example

Is some specific situation unclear related to these or why are you asking?

- Jouni

1280
Views
0
Helpful
1
Replies
CreatePlease to create content