Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1355
Views
0
Helpful
2
Replies

ASA access-group question

Go to solution
networkadmin411
Level 1
Level 1

‎12-18-2019 10:25 AM

If a firewall is configured with a global access-group and an interface in access-group, what the order that access-lists would be processed?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎12-18-2019 10:50 AM

Hi,
An ACL applied to an interface is processed before the global ACL.

Usually I find most organisations don't use a global ACL, just an interface ACLs.

FYI, a control-plane ACL is applied before an interface ACL, but the control-plane only processes traffic destined to the ASA itself, where as the interface/global ACL processes traffic through the ASA.

HTH

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Rob Ingram
VIP
VIP

‎12-18-2019 10:50 AM

Hi,
An ACL applied to an interface is processed before the global ACL.

Usually I find most organisations don't use a global ACL, just an interface ACLs.

FYI, a control-plane ACL is applied before an interface ACL, but the control-plane only processes traffic destined to the ASA itself, where as the interface/global ACL processes traffic through the ASA.

HTH
0 Helpful

Go to solution
networkadmin411
Level 1
Level 1
In response to Rob Ingram

‎12-18-2019 11:39 AM

This matches what I thought. I am in the process of migrating multiple firewalls away from global ACLs and wanted to be sure that I was on the right path. Thank you.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card