10-12-2016 10:59 AM - edited 03-11-2019 12:08 AM
Could any one please confirm my following assumptions about the processing of SGACLs.
a) SGACLs on a ASA firewall are stateful and processed as normal ACL's on a per interface basis ?
b) SGACLs on IOS are processed after normal Ingress ACL'a and before Egress ACL's and are stateless ?
Thanks in advance.
10-14-2016 03:44 PM
a) Yes, the ASA does not download ACLs from ISE as a swith does, it just uses SGT's in it's regular interface based ACLs, so you can use interface and global acls like normal.
b) Yes, that is also my understanding
10-15-2016 01:00 AM
Hi Ian,
Many thanks for taking the time to reply/
Much appreciated.
Graham.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide