Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
224
Views
0
Helpful
1
Replies

Firewall Help!

wayne loh
Level 1
Level 1

‎06-25-2014 07:28 AM - edited ‎03-11-2019 09:23 PM

Hi All,

I'm newbie on the firewall policy configuration. As far as I know, the policy configuration always need to allow both ways. Exm allows services Port1 --> Port2, Port2 --> Port1 in order for both to communication. I've noticed the policy on the internal to wan is always a single policy and it works both way too as from the internal able to reach internet after the nat and flow back to internal.

 

Pls advise would be greatly appreciated. Many thanks.

Labels:
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-25-2014 07:43 AM

For a stateful firewall (such as the Cisco ASA), it keeps track of tcp connections (and udp flows) in its connection table. When traffic is returning in response to an internally-initiated communication, that table finds a connection record and allows the return traffic to transit without requiring matching an access-list.

Only when traffic is initiated from outside does it need an explicit access-list to be allowed into the inside (or other interfaces of higher security level than outside).

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card
Top