Cisco Support Community
New Member

Does Disabling Access Lists on the PIX Firewall Block All Traffic?

If access lists are disabled on the PIX Firewall, does that mean all traffic is blocked?

2 REPLIES
Anonymous
N/A

Re: Does Disabling Access Lists on the PIX Firewall Block All Tr

It depends...

  • If you are going from a higher security level to a lower security level, all connections are allowed as long as there is an xlate. So from the inside of the PIX, if there is no outbound access-list, then all traffic will flow. If you do not want all IP traffic to get out to the other interface then you will need to build outbound access-lists.
  • If you are going from a lower security level to a higher security level, you need to have a conduit or an access-list command to permit the traffic. If not, the traffic will be blocked.
Cisco Employee

Re: Does Disabling Access Lists on the PIX Firewall Block All Tr

Just to add to the above post, ICMP is an exception. If you ping from inside to outside, and you do not have any ACL/conduit configured, ping will FAIL. ICMP needs to be explicitly allowed for return traffic; all other traffic will be allowed if an ACL is not configured, though (as per the previous post).

Handling ICMP on PIX

http://www.cisco.com/warp/public/110/31.html

HTH

R/Yusuf
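
The behaviour described in the two replies above, written out as a configuration sketch. This is an added example, not posted by either participant and not taken from Cisco documentation; it uses PIX 6.x-style commands, and the ACL names and the 10.1.1.0/24 inside network are assumptions. Lines starting with `!` are annotations for the reader.

```cisco
! Constructed example: interface names follow the PIX defaults,
! ACL names and addresses are assumptions.
nameif ethernet0 outside security0
nameif ethernet1 inside security100

! Translation (xlate) for inside hosts; with only this in place and no
! ACL on the inside interface, all outbound IP traffic is permitted
! (higher security level to lower).
nat (inside) 1 10.1.1.0 255.255.255.0
global (outside) 1 interface

! Restricting outbound traffic: once an ACL is bound to the inside
! interface, only what it permits leaves; the implicit deny at the end
! of the list drops everything else.
access-list acl_inside permit tcp 10.1.1.0 255.255.255.0 any eq www
access-list acl_inside permit tcp 10.1.1.0 255.255.255.0 any eq 443
access-list acl_inside permit udp 10.1.1.0 255.255.255.0 any eq domain
access-list acl_inside permit icmp 10.1.1.0 255.255.255.0 any echo
access-group acl_inside in interface inside

! Lower to higher security level is blocked unless explicitly permitted.
! ICMP replies to inside-initiated pings fall into this case, so the
! return message types are permitted on the outside interface.
access-list acl_outside permit icmp any any echo-reply
access-list acl_outside permit icmp any any time-exceeded
access-list acl_outside permit icmp any any unreachable
access-group acl_outside in interface outside
```

Permitting only the reply and error message types on the outside interface lets inside hosts ping and traceroute outward without allowing outside hosts to send echo requests inward.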
