11-08-2020 12:32 PM
Hi Everyone,
Can somebody clarify for me: if I put an access control rule in an AC policy in Firepower that allows traffic from A to B, does it automatically permit traffic from B to A? I mean, do I need a new rule that will allow the opposite direction?
For example, let's have a rule that allows the 192.168.1.0/24 network to 192.168.2.0/24.
If I try to ping from .2.0 to .1.0, will it be allowed?
Best regards,
Stefan
11-08-2020 12:38 PM
If you permit traffic from A to B and A initiates the communication, the return traffic from B will be permitted. You would need a rule from B to A if B initiates the communication.
HTH
11-08-2020 02:20 PM
The return traffic will be allowed. However, if you ping, you need to make sure that the icmp inspect command is present in the policy-map configuration, or the return traffic will not be allowed. TCP will be "inspected" and allowed.
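A simplified model of the behaviour described in the replies above, added here as an illustration; it is not Cisco code and not from any poster in the thread. The class name, the `flow_id` stand-in for ports or ICMP identifier, and the host addresses are assumptions, and ICMP is tracked only when inspection is on, as the last reply states.

```python
from ipaddress import ip_address, ip_network


class StatefulFirewall:
    """Toy model of stateful filtering; not Firepower's actual engine."""

    def __init__(self, rules, inspect_icmp=False):
        # Each rule permits traffic *initiated* from src network to dst network.
        self.rules = [(ip_network(s), ip_network(d)) for s, d in rules]
        self.inspect_icmp = inspect_icmp
        self.conns = set()  # tracked flows: (proto, initiator, responder, flow_id)

    def _rule_permits(self, src, dst):
        return any(ip_address(src) in s and ip_address(dst) in d
                   for s, d in self.rules)

    def packet(self, proto, src, dst, flow_id):
        """Return 'allow' or 'drop'; flow_id stands in for ports / ICMP id."""
        # Packets of a tracked connection (either direction) bypass the rules.
        if ((proto, src, dst, flow_id) in self.conns
                or (proto, dst, src, flow_id) in self.conns):
            return "allow"
        # Anything else is a new flow and must match a rule in its own direction.
        if not self._rule_permits(src, dst):
            return "drop"
        # TCP is always tracked; ICMP only when inspection is enabled.
        if proto == "tcp" or (proto == "icmp" and self.inspect_icmp):
            self.conns.add((proto, src, dst, flow_id))
        return "allow"


def demo(inspect_icmp):
    # Single rule from the question: 192.168.1.0/24 -> 192.168.2.0/24.
    fw = StatefulFirewall([("192.168.1.0/24", "192.168.2.0/24")], inspect_icmp)
    a, b = "192.168.1.10", "192.168.2.20"  # constructed sample hosts
    return {
        "tcp_a_to_b": fw.packet("tcp", a, b, 1),
        "tcp_reply": fw.packet("tcp", b, a, 1),
        "tcp_b_initiates": fw.packet("tcp", b, a, 2),
        "ping_a_to_b": fw.packet("icmp", a, b, 3),
        "ping_reply": fw.packet("icmp", b, a, 3),
        "ping_b_initiates": fw.packet("icmp", b, a, 4),
    }


if __name__ == "__main__":
    for flag in (False, True):
        print("inspect_icmp =", flag, demo(flag))
```

In both runs, traffic that B initiates toward A is dropped because no rule covers that direction; only the handling of the echo reply changes with the inspection setting.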