03-26-2009 02:58 PM - edited 03-11-2019 08:10 AM
All,
I'm setting up ACLs for the inside, dmz1, dmz2 and external interfaces.
My question is:
I have a host on the inside that needs to get to the DMZ. I have an ACL on the inside and I'll need to permit this host to the DMZ. I'll also need to create an ACL on the DMZ interface that will allow the traffic back to that host, correct?
Thanks,
John
03-26-2009 04:42 PM
John
Assuming a firewall, i.e. a PIX/ASA, then no, because it is stateful, so if you allow the traffic one way it will be allowed back in.
Note this applies to TCP/UDP. If you were using ICMP, that is not stateful, so on pre-v7.x code you had to allow it back in. From v7.x code onwards you can also use ICMP inspection to achieve this.
Jon
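An added configuration illustration of Jon's answer (not configuration from this thread; the host addresses, interface names and ACL names are assumed), showing that only the inside ACL needs a permit for the inside-to-DMZ flow, and that ICMP is made stateful with inspection rather than a return ACL entry:

```cisco
! Assumed topology: inside host 10.1.1.10 (interface "inside", security 100)
! reaches DMZ web server 172.16.1.20 (interface "dmz1", security 50).
!
! Inside ACL: permit only what this host needs toward the DMZ server.
access-list INSIDE_IN extended permit tcp host 10.1.1.10 host 172.16.1.20 eq 443
access-list INSIDE_IN extended permit icmp host 10.1.1.10 host 172.16.1.20 echo
access-list INSIDE_IN extended deny ip any any log
access-group INSIDE_IN in interface inside
!
! DMZ ACL: NO "permit 172.16.1.20 -> 10.1.1.10" entry is required here.
! TCP/UDP replies match the existing entry in the connection table and are
! passed regardless of this ACL. The dmz1 ACL only governs connections that
! DMZ hosts themselves initiate, so it can stay restrictive:
access-list DMZ1_IN extended deny ip any 10.1.1.0 255.255.255.0 log
access-list DMZ1_IN extended permit udp host 172.16.1.20 any eq 53
access-list DMZ1_IN extended permit tcp host 172.16.1.20 any eq 443
access-list DMZ1_IN extended deny ip any any log
access-group DMZ1_IN in interface dmz1
!
! ICMP is not connection-tracked by default. On v7.x and later, enabling
! ICMP inspection in the default global policy makes echo-replies match the
! outbound echo-request instead of needing an inbound permit on dmz1.
policy-map global_policy
 class inspection_default
  inspect icmp
! (global_policy is already applied with "service-policy global_policy global")
!
! Verification after the host opens a session:
!   show conn address 10.1.1.10   -> shows the tracked TCP (and inspected ICMP) flows
!   show access-list DMZ1_IN      -> hit counts stay at zero for return traffic
```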
03-26-2009 03:46 PM
What device are you using?
03-27-2009 06:52 AM
Thanks Jon :)