I believe the answer to your first question is that yes any access list which is used for filtering traffic must include some permit statements. The default action in the access list (what happens if something gets to the bottom of the list without being a match) is to deny. So if the access list does not have some permits then everything will be denied.
I believe that there are two approaches in creating access lists which are reflected in how the lists are built. You can specifically deny what you do not want and then permit everything else. Or you can permit what you specifically want and deny everything else.
To answer your second question, if you want to allow access to http without explicitly denying then you can use the second model of access list and explicitly permit what you want and then let the implicit deny any at the end of the access list deny everything else.
One word of caution is that you should think carefully about what you will need to permit. It is easy to understand that you need a permit for http. But you should also think about whether you need permits for things like DNS, for ICMP, and for a number of other services.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...