ACLs and Service Policies on FW??

CiscoBrownBelt
Level 6

OK, I have a lab FW where both interfaces are security level 0 and there are no ACLs applied to any of the interfaces (inside, outside), and there are Global Policy inspection_default rule actions for common protocols such as SIP, ICMP, FTP, etc. Does this mean all this type of traffic can go in and out of the FW interfaces?

2 Replies

Dennis Mink
VIP Alumni

No, inspection is not the same as ACLs.

For instance, if you inspect FTP, you would still need to put an ACL in place to allow FTP.

Inspection is done on an application layer: it inspects the traffic and opens up ports dynamically. For instance, SIP inspection allows RTP to be opened up so voice can traverse the FW without explicit allow rules.

Please remember to rate useful posts, by clicking on the stars below.
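
The split between access control and inspection described in the reply above, as an added ASA configuration sketch that is not part of the original thread. The ACL name `OUTSIDE_IN` and the server address `192.0.2.10` are constructed placeholders; the interface names are the ones from the question.

```text
! Constructed lab values: OUTSIDE_IN and 192.0.2.10 are placeholders.

! Both interfaces sit at security level 0. By default the ASA does not
! pass traffic between interfaces of the same security level; this
! command enables it.
same-security-traffic permit inter-interface

! Access control: permit only the FTP control connection (TCP/21).
! No entry is written for the FTP data channel.
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq ftp
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside

! Inspection: the default global policy. "inspect ftp" follows the
! control session and opens the negotiated data port dynamically;
! "inspect sip" does the same for the RTP media ports.
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect sip
service-policy global_policy global

! Checks to run from the ASA CLI during a test transfer:
! ACL hit counters, inspection counters, and the control connection.
show access-list OUTSIDE_IN
show service-policy inspect ftp
show conn port 21
```

Comparing the ACL hit counters with the inspection counters during a transfer shows which component admitted the control session and which one opened the data channel.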

Ok. There are no ACLs applied to the interfaces (inside, outside) and both are set to security level 0.
