https://community.cisco.com/t5/network-security/a-question-about-asa-8-3-global-acls-against-interface-acls/m-p/1479237#M740063 <HTML><HEAD></HEAD><BODY><P>It matches interface acl first before global.</P><P></P><P>Here is the documentation for your reference :</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/access_rules.html#wp1083595">http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/access_rules.html#wp1083595</A></P><P></P><P>####</P><P><SPAN class="content">You can configure global access rules in&nbsp; conjunction with interface access rules, in which case, the specific&nbsp; interface access rules are always processed before the general global&nbsp; access rules. </SPAN></P><P>####</P></BODY></HTML> Thu, 10 Jun 2010 13:03:28 GMT edadios 2010-06-10T13:03:28Z https://community.cisco.com/t5/network-security/a-question-about-asa-8-3-global-acls-against-interface-acls/m-p/1479236#M740041 <P>Hello Cisco Experts,</P><P></P><P>I have a question about the Global ACLs feature introduced in ASA 8.3.</P><P></P><P>Which ACLs are match first, Global ACLs or the regular interface-base ACLs?</P><P></P><P>As I understood, if both Blobal and interface-base ACLs exist in the policy, the firewall will try to match (incoming/outgoing) traffic against the interface-base ACLs and if no match is found then the firewall tries&nbsp; to match the traffic against the Blobal ACLs.</P><P></P><P>is that correct?</P><P></P><P></P><P>thank you</P> Mon, 11 Mar 2019 17:57:41 GMT https://community.cisco.com/t5/network-security/a-question-about-asa-8-3-global-acls-against-interface-acls/m-p/1479236#M740041 shaijosef 2019-03-11T17:57:41Z https://community.cisco.com/t5/network-security/a-question-about-asa-8-3-global-acls-against-interface-acls/m-p/1479237#M740063 <HTML><HEAD></HEAD><BODY><P>It matches interface acl first before global.</P><P></P><P>Here is the documentation for your reference :</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/access_rules.html#wp1083595">http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/access_rules.html#wp1083595</A></P><P></P><P>####</P><P><SPAN class="content">You can configure global access rules in&nbsp; conjunction with interface access rules, in which case, the specific&nbsp; interface access rules are always processed before the general global&nbsp; access rules. </SPAN></P><P>####</P></BODY></HTML> Thu, 10 Jun 2010 13:03:28 GMT https://community.cisco.com/t5/network-security/a-question-about-asa-8-3-global-acls-against-interface-acls/m-p/1479237#M740063 edadios 2010-06-10T13:03:28Z https://community.cisco.com/t5/network-security/a-question-about-asa-8-3-global-acls-against-interface-acls/m-p/1479238#M740090 <HTML><HEAD></HEAD><BODY><P>thanks a lot</P></BODY></HTML> Thu, 10 Jun 2010 13:47:53 GMT https://community.cisco.com/t5/network-security/a-question-about-asa-8-3-global-acls-against-interface-acls/m-p/1479238#M740090 shaijosef 2010-06-10T13:47:53Z