Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
865
Views
0
Helpful
2
Replies

Does Disabling Access Lists on the PIX Firewall Block All Traffic?

admin_2
Level 3
Level 3

‎07-02-2002 11:17 AM - edited ‎02-20-2020 10:08 PM

If access lists are disabled on the PIX Firewall, does that mean all traffic is blocked?

0 Helpful
2 Replies 2

Not applicable

‎07-02-2002 11:17 AM

It depends...

  • If you are going from a higher security level to a lower security level, all connections are allowed as long as there is an xlate. So from the inside of the PIX, if there is no outbound access-list, then all traffic will flow. If you do not want all IP traffic to get out to the other interface then you will need to build outbound access-lists.

  • If you are going from a lower security level to a higher security level, you need to have a conduit or an access-list command to permit the traffic. If not, the traffic will be blocked.

    • 0 Helpful

    yusuff
    Cisco Employee
    Cisco Employee
    In response to

    ‎07-03-2002 02:26 AM

    Just to add to the above post, ICMP is an exception. If you ping from inside to outside, and you do not have any ACL/conduit configured, ping will FAIL. ICMP needs to be explicitly allowed for return traffic, all other traffic will be allowed if ACL is not configured though (as per previous post).

    Handling ICMP on PIX

    http://www.cisco.com/warp/public/110/31.html

    HTH

    R/Yusuf

    0 Helpful
    Customers Also Viewed These Support Documents
    Review Cisco Networking products for a $25 gift card