I am a fan of conduits, and until we got a FWSM in our environment I was not forced to consider deploying PIX ACLs. Now I have come to grips with PIX ACLs, and don't have a problem with their functionality. I just have a question regarding their benefits, and what warrants the Cisco position of ACLs not conduits.
As I see it, ACLs only have the benefits of some cosmetic similarity to router ACLs, and the fact that rules related to an interface are grouped together somewhat increases readability. But they seem to come at a cost of significantly increased complexity when used on a DMZ that requires both inbound and outbound permissions.
Any comments (flames or otherwise) will be very useful.
I don't know for sure, but I believe that in fact it was mostly driven by getting more and more into one IOS (as also done on the Catalyst switch series), with one and the same CLI and, indeed, cosmetic similarity.
I also think that they did it because of the established command use, especially useful for complex situations (with more interfaces, DMZs, et cetera). A misconfigured established command did create a larger security risk, since a lot of people did not understand it well and confused it with the established ACL feature in Cisco IOS.
But I'm also curious why they did it, so it would be nice if anyone from Cisco could tell us more :-))