https://community.cisco.com/t5/network-security/asa-v-router/m-p/2083594#M395173 <HTML><HEAD></HEAD><BODY><P>Hello Ben,</P><P></P><P>The ACLs are going to be the simple layer 3-4 check but you can use layer 7 inspection in order to perform more advanced and granular inspection with the use of the Modular Policy Framework ( MPF)</P><P></P><P>Regards</P></BODY></HTML> Sun, 25 Nov 2012 16:54:25 GMT Julio Carvajal 2012-11-25T16:54:25Z https://community.cisco.com/t5/network-security/asa-v-router/m-p/2083593#M395171 <P>Hello everyone </P><P></P><P>forgive me but i am trying understand the ASA firewalls more i come from a router zone based firewall background but the ASA seem to have less advance firewall?</P><P></P><P>the ASA seem to reply more on ACLS were the ZBR seems to use the class map for layer 4 inspection </P><P></P><P>to me the ZBF seems to have been advanced more in the config compared to the ASA</P><P></P><P>am i missing something ? are the ACLs on a ASA different to the kind on a router do they inspect traffic like the class map?</P><P></P><P>any info would be great </P><P></P><P>thanks</P><P></P><P>Ben</P> Tue, 12 Mar 2019 00:27:39 GMT https://community.cisco.com/t5/network-security/asa-v-router/m-p/2083593#M395171 ciscoben2009 2019-03-12T00:27:39Z https://community.cisco.com/t5/network-security/asa-v-router/m-p/2083594#M395173 <HTML><HEAD></HEAD><BODY><P>Hello Ben,</P><P></P><P>The ACLs are going to be the simple layer 3-4 check but you can use layer 7 inspection in order to perform more advanced and granular inspection with the use of the Modular Policy Framework ( MPF)</P><P></P><P>Regards</P></BODY></HTML> Sun, 25 Nov 2012 16:54:25 GMT https://community.cisco.com/t5/network-security/asa-v-router/m-p/2083594#M395173 Julio Carvajal 2012-11-25T16:54:25Z https://community.cisco.com/t5/network-security/asa-v-router/m-p/2083595#M395175 <HTML><HEAD></HEAD><BODY><P>will the ASA allow return traffic like a class map would on a router?</P><P></P><P>the ASA sounds almost like the IOS firewall but needs inspection rules to return traffic does the ASA do this the same way?</P></BODY></HTML> Sun, 25 Nov 2012 18:13:18 GMT https://community.cisco.com/t5/network-security/asa-v-router/m-p/2083595#M395175 ciscoben2009 2012-11-25T18:13:18Z https://community.cisco.com/t5/network-security/asa-v-router/m-p/2083596#M395178 <HTML><HEAD></HEAD><BODY><P>Hello Ben,</P><P></P><P>Yes, it will... That is the whole purpose of a deep packet inspection and stateful firewall as the ASA.</P><P></P><P>The ASA has already some built-in inspection rules that will allow traffic to return when this traffic is innitiatted on the higher security level interface.</P><P></P><P></P><P></P><P>Regards,</P></BODY></HTML> Sun, 25 Nov 2012 18:24:50 GMT https://community.cisco.com/t5/network-security/asa-v-router/m-p/2083596#M395178 Julio Carvajal 2012-11-25T18:24:50Z https://community.cisco.com/t5/network-security/asa-v-router/m-p/2083597#M395181 <HTML><HEAD></HEAD><BODY><P>ah i see thats great thanks!</P></BODY></HTML> Sun, 25 Nov 2012 19:20:43 GMT https://community.cisco.com/t5/network-security/asa-v-router/m-p/2083597#M395181 ciscoben2009 2012-11-25T19:20:43Z