Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

IOS firewall or Reflexive ACL?

What is the main benefit of using IOS firewall (CBAC) over reflexive ACLs? Speed? Both are opening holes as they are needed and closing them afterwards.

Is it CBAC's application layer awareness?

Thx

2 REPLIES
Silver

Re: IOS firewall or Reflexive ACL?

Hi,

CBAC has the DOS protection unlike Reflexive ACL. Inrecept feature is built into CBAC.

I hope this helps.

Regards,

Mynul

Community Member

Re: IOS firewall or Reflexive ACL?

Yes, CBAC has application awareness/inspection and reflexive ACLs don't. CBAC also has more features like traffic filtering, java blocking, alerts, audit trails, & intrusion detection. I believe IDS and stuff requires a 2600 or better. Use CBAC.

160
Views
0
Helpful
2
Replies
CreatePlease to create content