11-25-2012 08:19 AM - edited 03-11-2019 05:27 PM
Hello everyone
Forgive me, but I am trying to understand the ASA firewalls more. I come from a router zone-based firewall background, but the ASA seems to have a less advanced firewall?
The ASA seems to rely more on ACLs, where the ZBF seems to use the class map for layer 4 inspection.
To me the ZBF seems to have been advanced more in the config compared to the ASA.
Am I missing something? Are the ACLs on an ASA different from the kind on a router? Do they inspect traffic like the class map?
Any info would be great.
Thanks
Ben
11-25-2012 08:54 AM
Hello Ben,
The ACLs are going to be the simple layer 3-4 check, but you can use layer 7 inspection in order to perform more advanced and granular inspection with the use of the Modular Policy Framework (MPF).
Regards
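The split described in the reply above, shown as an added configuration example that is not part of the original thread: an interface ACL makes the layer 3-4 permit decision, and an MPF class map, inspection policy map and service policy add layer 7 HTTP inspection to the same traffic. The interface name `outside`, the address 192.0.2.10 and all object names are assumptions.

```cisco
! Constructed example: interface name "outside", server 192.0.2.10 and the
! object names OUTSIDE_IN, HTTP_TRAFFIC, HTTP_L7, OUTSIDE_POLICY are assumptions.

! Layer 3-4: the ACL only decides whether a new connection may be created.
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq www
access-group OUTSIDE_IN in interface outside

! Layer 3-4 class map: selects the traffic handed to the inspection engine.
class-map HTTP_TRAFFIC
 match port tcp eq www

! Layer 7 inspection policy map: what the HTTP inspection engine enforces.
policy-map type inspect http HTTP_L7
 parameters
  protocol-violation action drop-connection log

! Bind the class to the inspection action, then apply it to the interface.
policy-map OUTSIDE_POLICY
 class HTTP_TRAFFIC
  inspect http HTTP_L7
service-policy OUTSIDE_POLICY interface outside
```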
11-25-2012 10:13 AM
Will the ASA allow return traffic like a class map would on a router?
The ASA sounds almost like the IOS firewall but needs inspection rules to return traffic. Does the ASA do this the same way?
11-25-2012 10:24 AM
Hello Ben,
Yes, it will... That is the whole purpose of a deep packet inspection and stateful firewall such as the ASA.
The ASA already has some built-in inspection rules that will allow traffic to return when this traffic is initiated on the higher security level interface.
Regards,
11-25-2012 11:20 AM
Ah, I see, that's great, thanks!