11-03-2011 02:49 PM - edited 03-11-2019 02:45 PM
Hi,
I am new to Cisco firewalls. We are moving from a different vendor to ASA 5520s. So far my "training" for Cisco consists of a Cisco Press book, some white papers and guides, this website, and a bunch of mistakes. So, I have what is probably a pretty basic question for most folks.
Can someone help me understand the difference between Firewall Access Rules and ACL/ACE? And when to use which?
For example: on my ASA 5520s I've set up an interface for my internal LAN: 172.16.x.x., a DMZ 192.168.2.0/24, and an interface for the Internet side. The 5520 is set up as a routing firewall between my internal LAN, DMZ, and Internet.
If I want to allow my internal users Internet access for http and https would I use a Firewall Access rule?
For most of my rules allowing outbound access from my 172 LAN and DMZ and inbound access to devices in my DMZ can I mostly utilize the Firewall Access Rules?
Under what circumstance would I use ACL/ACE?
Any help greatly appreciated.
Dan
11-03-2011 07:07 PM
Hello Dan,
Imagine what it was like to try to study for the CCSP track with the same info! It was a bit hard. Now, the ACE/ACL part is the one you use to "match" traffic, for example a QoS policy for specific users, VPN interesting traffic and so on; the Firewall rules are the actual ACLs that allow or deny traffic.
Let me know if you need more clarification.
Mike
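The distinction described in the answer above, shown as an added ASA CLI sketch that is not part of the original thread: the same `access-list` syntax either filters traffic (when bound to an interface) or only selects traffic for a VPN or QoS feature. All object, ACL, map and policy names, the interface names `inside` and `outside`, and the `<...>` placeholders are assumptions.

```cisco
! Added example. Names and <...> values are placeholders, not taken from the thread.
object-group network INTERNAL_LAN
 network-object <internal-lan-network> <mask>

! 1) Firewall access rule: an ACL bound to an interface with access-group.
!    This is the ACL that actually permits or denies traffic through the ASA.
!    Once an ACL is applied to the interface, anything not permitted here
!    hits the implicit deny at the end of the list.
access-list INSIDE_IN extended permit tcp object-group INTERNAL_LAN any eq www
access-list INSIDE_IN extended permit tcp object-group INTERNAL_LAN any eq https
access-group INSIDE_IN in interface inside

! 2) ACL used only to match: VPN interesting traffic.
!    "permit" here means "encrypt this traffic"; it opens nothing in the firewall.
access-list VPN_INTERESTING extended permit ip object-group INTERNAL_LAN <remote-network> <mask>
crypto map OUTSIDE_MAP 10 match address VPN_INTERESTING

! 3) ACL used only to match: traffic class for a QoS policy.
!    "permit" here means "this traffic belongs to the class".
access-list QOS_MATCH extended permit ip object-group INTERNAL_LAN any
class-map QOS_CLASS
 match access-list QOS_MATCH
policy-map QOS_POLICY
 class QOS_CLASS
  police output <rate-bps>
service-policy QOS_POLICY interface outside
```

Only the ACL in part 1 is referenced by `access-group`, so only it changes what the firewall forwards; removing the ACLs in parts 2 and 3 would change VPN and QoS behavior but not which connections are allowed.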