02-14-2017 08:33 AM - edited 03-12-2019 01:56 AM
Hello,
I have a firewall rule (ACL) that allows connection between source 1.1.1.1 and destination 2.2.2.2 on any port.
access-list outbound extended permit ip host 1.1.1.1 host 2.2.2.2
Question:
If I remove the above rule and add it back again (after ~1 min), will the above connection still work? In other words, how long will the above connection work after I remove the ACL?
Really appreciate your response.
Thanks,
Ashish
02-14-2017 12:58 PM
I think it will stop working immediately.
02-26-2017 07:02 AM
As far as I know, if it's a TCP connection, currently established connections will remain up until they end or time out; removing the ACL will not kill them.
You will have to "clear conn" them to forcibly shut them out; then they will be denied until you re-add the ACL.
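The behaviour described in the last reply, as an added example that is not part of any post in this thread: a simplified Python model of a stateful firewall in which the ACL is consulted only when a new connection is created, so tracked connections outlive the rule until they idle out or are cleared. It is not ASA code; the class, method names and the idle timeout value are assumptions made for the model.

```python
# Simplified model of a stateful firewall; not ASA code. All names are hypothetical.
IDLE_TIMEOUT = 3600  # seconds; constructed value for this model


class StatefulFirewall:
    def __init__(self):
        self.acl = set()   # permitted (src, dst) host pairs
        self.conns = {}    # (src, sport, dst, dport) -> time the flow was last seen

    def permit(self, src, dst):
        self.acl.add((src, dst))

    def no_permit(self, src, dst):
        # Removing the rule leaves the connection table untouched.
        self.acl.discard((src, dst))

    def clear_conn(self, addr):
        # Models "clear conn" for one address: drop every tracked flow involving it.
        self.conns = {k: t for k, t in self.conns.items() if addr not in (k[0], k[2])}

    def packet(self, src, sport, dst, dport, now):
        key = (src, sport, dst, dport)
        last = self.conns.get(key)
        if last is not None and now - last <= IDLE_TIMEOUT:
            self.conns[key] = now          # established flow: ACL is not consulted
            return "allow (existing conn)"
        self.conns.pop(key, None)          # drop an idle-expired entry, if any
        if (src, dst) in self.acl:         # new flow: the ACL decides
            self.conns[key] = now
            return "allow (new conn)"
        return "deny"


def demo():
    fw = StatefulFirewall()
    fw.permit("1.1.1.1", "2.2.2.2")
    flow = ("1.1.1.1", 40000, "2.2.2.2", 443)   # constructed sample flow
    out = [fw.packet(*flow, now=0)]             # rule present: connection is created
    fw.no_permit("1.1.1.1", "2.2.2.2")
    out.append(fw.packet(*flow, now=30))        # rule gone, tracked flow still passes
    out.append(fw.packet("1.1.1.1", 40001, "2.2.2.2", 443, now=30))  # new flow: denied
    fw.clear_conn("1.1.1.1")
    out.append(fw.packet(*flow, now=40))        # after clearing, same flow is denied
    fw.permit("1.1.1.1", "2.2.2.2")
    out.append(fw.packet(*flow, now=60))        # rule re-added: allowed as a new conn
    return out


if __name__ == "__main__":
    print(demo())
```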