03-03-2010 06:59 AM - edited 03-11-2019 10:17 AM
I have gone through all the docs but cannot find any mention on how to set up a "reject" instead of the regular "deny" in an access rule. I have some legacy Checkpoint Firewalls and want to migrate them over to some of my ASAs. Some rules on the Checkpoint specifically state "reject" (for NetBIOS stuff etc.). Is this possible on the ASA?
How do you "reject" certain traffic, while still doing a "deny" and a "permit" on other traffic?
Thanks
Joerg
03-03-2010 08:13 AM
It depends on what you mean by reject. If you mean sending a Reset, then you can enable it globally with "service resetinbound" and "service resetoutbound" for packets denied by ACLs.
I hope it helps.
PK
03-03-2010 08:47 AM
So it is a global setting? So I need to decide if I want a reset sent for every deny or none at all?
03-03-2010 09:04 AM
Unfortunately you cannot do it on a per rule basis.
For protocols that the ASA can inspect, like http etc., you can send resets based on matched criteria, and that is done using class maps and policy maps. Not sure what your protocols are, so I am not sure.
PK
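The two approaches mentioned in this thread, sketched as an ASA configuration fragment. This is an added example, not configuration posted by either participant; the interface name `outside`, the regex, class-map and policy-map names, and the URI pattern are assumptions chosen for illustration, while `global_policy` and `inspection_default` are the ASA's default names.

```cisco
! --- Approach 1: resets for TCP traffic denied by ACLs ---
! Without these commands the ASA silently drops denied packets.
! A reset only exists for TCP, so denied UDP traffic is unaffected.
service resetinbound
service resetoutbound
!
! The same commands accept an interface keyword, which narrows the
! behaviour to one interface but still not to a single ACL entry:
! service resetinbound interface outside
!
! --- Approach 2: reset on matched criteria for an inspected protocol ---
! HTTP inspection policy that resets connections whose request URI
! matches a pattern (the pattern is a constructed sample value).
regex BLOCKED_URI "/legacy-admin"
!
class-map type inspect http match-all HTTP_REJECT_CLASS
 match request uri regex BLOCKED_URI
!
policy-map type inspect http HTTP_REJECT_POLICY
 parameters
 class HTTP_REJECT_CLASS
  reset log
!
! Attach the HTTP inspection policy to the default global policy.
policy-map global_policy
 class inspection_default
  inspect http HTTP_REJECT_POLICY
```

After applying, `show running-config service` and `show service-policy inspect http` confirm which of the two mechanisms is active.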