topic Default action block problem in Network Security

Default action block problem

gogi99 — Tue, 04 Jan 2022 08:02:55 GMT

i have the firepower 1120. i configured my device for access to internet from DMZ zone and to access to my web server, but with default action allow. when i set default action BLOCK, and i create NAT: manual for accesss dmz zone to internet and automatic nat for access to my web server, nothing is working. what i must to make that my firewall works when is set default action BLOCK?

Re: Default action block problem

Rob Ingram — Tue, 04 Jan 2022 08:06:45 GMT

@gogi99 you have to explictly permit the traffic in order to match before the default action of deny.

Provide screenshots of your ACP rules when it does not work. FYI - the ACP rule uses the real IP address not the NAT address.

Re: Default action block problem

gogi99 — Tue, 04 Jan 2022 08:59:55 GMT

I don't have screen because of i configured my device, where my access rules have not zones. I just use networks or hosts. The specific rules are on top, the common rules are on bottom