06-10-2010 05:52 AM - edited 03-11-2019 10:57 AM
Hello Cisco Experts,
I have a question about the Global ACLs feature introduced in ASA 8.3.
Which ACLs are matched first, Global ACLs or the regular interface-based ACLs?
As I understood, if both Global and interface-based ACLs exist in the policy, the firewall will try to match (incoming/outgoing) traffic against the interface-based ACLs and if no match is found then the firewall tries to match the traffic against the Global ACLs.
Is that correct?
Thank you
06-10-2010 06:03 AM
It matches the interface ACL first, before the global one.
Here is the documentation for your reference:
http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/access_rules.html#wp1083595
####
You can configure global access rules in conjunction with interface access rules, in which case, the specific interface access rules are always processed before the general global access rules.
####
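The evaluation order quoted above, modelled as a small first-match evaluator. This is an added example, not part of the thread or of Cisco's documentation; the `Rule`/`Packet` types, the sample rules and the addresses (documentation ranges) are constructed, and it assumes the implicit deny applies only after the global rules have been checked.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

class Rule(NamedTuple):
    action: str                 # "permit" or "deny"
    proto: str                  # "tcp", "udp", or "ip" for any protocol
    src: str                    # source network in CIDR form
    dst: str                    # destination network in CIDR form
    port: Optional[int] = None  # destination port, None = any

class Packet(NamedTuple):
    proto: str
    src: str
    dst: str
    port: int

ANY = "0.0.0.0/0"

def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.proto in ("ip", pkt.proto)
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.port in (None, pkt.port))

def evaluate(pkt: Packet, interface_acl: List[Rule],
             global_acl: List[Rule]) -> Tuple[str, str]:
    """First match wins: interface rules, then global rules, then implicit deny."""
    for name, acl in (("interface", interface_acl), ("global", global_acl)):
        for line, rule in enumerate(acl, start=1):
            if matches(rule, pkt):
                return rule.action, f"{name} line {line}"
    return "deny", "implicit deny"

# Constructed sample policy for one ingress interface plus a global ACL.
INTERFACE_ACL = [
    Rule("permit", "tcp", ANY, "192.0.2.10/32", 443),
    Rule("deny", "ip", "198.51.100.0/24", ANY),
]
GLOBAL_ACL = [
    Rule("deny", "tcp", ANY, ANY, 23),
    Rule("permit", "ip", "198.51.100.0/24", ANY),  # shadowed by interface line 2
    Rule("permit", "tcp", ANY, "192.0.2.0/24", 25),
]

if __name__ == "__main__":
    for p in (Packet("tcp", "198.51.100.7", "192.0.2.20", 25),
              Packet("tcp", "203.0.113.5", "192.0.2.20", 25)):
        print(p, "->", evaluate(p, INTERFACE_ACL, GLOBAL_ACL))
```

The second global rule never takes effect for this interface because the interface ACL already denies that source, which is the kind of shadowing to look for when auditing a policy that mixes both rule types.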
06-10-2010 06:47 AM
Thanks a lot