Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

CBAC Firewall Locations

Am I better to place the CBAC inspection on the outside "out" or inside "in" interface?

Is there a rule as with standard and exteneded ACLs?

1 ACCEPTED SOLUTION

Accepted Solutions
Purple

Re: CBAC Firewall Locations

Yes, I would also think that it's better to apply it in the outside interface because that is more likely to be the point of entry for malicious traffic.

Paresh

3 REPLIES
Purple

Re: CBAC Firewall Locations

Hi,

The general rule with filtering is to filter as early as possible. However, your circumstances will dictate whether you place it on the inside or the outside interface.

Paresh

New Member

Re: CBAC Firewall Locations

I'm guessing unless I need specific inspections for the inside "in" ie DMZ and LAN I would be better putting this on the outside "out" to prevent un-necessary traffic coming into the router then getting dropped?

I ask because I inherited two routers on a new network, one seems to filter on LAN other onthe outside.

Purple

Re: CBAC Firewall Locations

Yes, I would also think that it's better to apply it in the outside interface because that is more likely to be the point of entry for malicious traffic.

Paresh

93
Views
0
Helpful
3
Replies