
ACL, Allowing and Denying

Eng-Ruthless
Level 1

Greetings,

I hope to help you clarify the concept of (ACL, Allowing and Denying).

I have a Cloud portal where I hosted Two Servers, and the support team added a section for me (Firewall), which is just an ACL.

SRV1 IP: 20.200.92.20
SRV2 IP: 20.200.108.10

However, I discovered that if I enter SRV2, I can access SRV1 through it.

So, from the Firewall section, I added a policy in the first place:

Deny 20.200.108.10/32 as the source & 20.200.92.20/32 as the destination

But the connection is still active. The most important question is: do I need to add the following line?

Deny 20.200.92.20/32 as the source & 20.200.108.10/32 as the destination

Please clarify, if possible.


Can you share the topology?

MHM

There is no topology that illustrates what has been mentioned because there are no interfaces that I can assign as S & D. The idea is that there are servers hosted in the cloud, and I want to create Denying between them.

Do I need to add:

Deny 20.200.108.10/32 as the source & 20.200.92.20/32 as the destination

along with the following line

Deny 20.200.92.20/32 as the source & 20.200.108.10/32 as the destination

According to my understanding of Policing, it should be sufficient to block from one side only, but this scenario has caused confusion for me. Are there scenarios that require blocking from both sides in the same way?

"However, I discovered that if I enter SRV2, I can access SRV1 through it."

How can that happen?

The only thing that would allow this is both servers using a GW different from the FW; in such a case, traffic between the two servers is not filtered by the FW.

MHM

 
