topic Cisco FTD FDM Access Control function in Network Access Control https://community.cisco.com/t5/network-access-control/cisco-ftd-fdm-access-control-function/m-p/4259008#M564320 <P>Hello!</P><P>Imagine I have 1 client and 1 server</P><P>I create a rule that allows the client to talk to the DC on certain ports like dns, kerberos, ldap, time, rpc (135).</P><P>Looks like this:</P><P>client - ports = any -&gt; DC - ports = dns, kerberos, ldap, time, rpc, etc</P><P>&nbsp;</P><P>Since the client is initiating the contact to the DC, im thinking the DC will also reply within the same session.</P><P>Or do I need to create a additional rule for a reply?</P><P>DC - ports = any -&gt; client - ports = dns, kerberos, ldap, time, rpc, etc</P><P>&nbsp;</P><P>Please correct me if im wrong</P><P>&nbsp;</P><P>Thanks a lot!</P><P>&nbsp;</P> Tue, 15 Dec 2020 20:08:05 GMT S3C 2020-12-15T20:08:05Z Cisco FTD FDM Access Control function https://community.cisco.com/t5/network-access-control/cisco-ftd-fdm-access-control-function/m-p/4259008#M564320 <P>Hello!</P><P>Imagine I have 1 client and 1 server</P><P>I create a rule that allows the client to talk to the DC on certain ports like dns, kerberos, ldap, time, rpc (135).</P><P>Looks like this:</P><P>client - ports = any -&gt; DC - ports = dns, kerberos, ldap, time, rpc, etc</P><P>&nbsp;</P><P>Since the client is initiating the contact to the DC, im thinking the DC will also reply within the same session.</P><P>Or do I need to create a additional rule for a reply?</P><P>DC - ports = any -&gt; client - ports = dns, kerberos, ldap, time, rpc, etc</P><P>&nbsp;</P><P>Please correct me if im wrong</P><P>&nbsp;</P><P>Thanks a lot!</P><P>&nbsp;</P> Tue, 15 Dec 2020 20:08:05 GMT https://community.cisco.com/t5/network-access-control/cisco-ftd-fdm-access-control-function/m-p/4259008#M564320 S3C 2020-12-15T20:08:05Z Re: Cisco FTD FDM Access Control function https://community.cisco.com/t5/network-access-control/cisco-ftd-fdm-access-control-function/m-p/4259774#M564360 <P>Hi</P> <P>&nbsp;</P> <P>If the user starts the session and your rule allows this communication, there’s no need to create the reverse rule.</P> <P>&nbsp;</P> <P>Your description is correct.</P> Thu, 17 Dec 2020 03:49:52 GMT https://community.cisco.com/t5/network-access-control/cisco-ftd-fdm-access-control-function/m-p/4259774#M564360 Francesco Molino 2020-12-17T03:49:52Z