How does the FTD appliance handle return traffic for an ACP?
I hope I have the correct board for this question. I have what I hope to be a simple question. My question is how do the FTD appliances, such as the 2130, handle return traffic for a given rule for an access control policy? For instance, if I create a rule to allow a source security zone & network/host to a destination security zone & network/host on destination TCP ports 80 & 443, how will the appliance handle the traffic that comes back in response to the initial request? Will it be blocked, allowed, or will I need to specify the ephemeral range in my rule?
Thanks for your quick response. So as long as the originating traffic is held in the session table, the FTD engine will allow the return traffic without any other filtering taking place. For instance, traffic from zone A on source TCP port 49152 to zone B on destination TCP port 80 will be allowed to return from zone B on source TCP port 80 to zone A on destination TCP port 49152, although I don't have an explicit rule opened to allow any traffic on destination TCP port 49152. Is that correct?
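The session-table behaviour discussed in this thread, as an added example that is not part of the original posts and is not Cisco's code: a simplified model of a stateful firewall with one rule for destination TCP ports 80 and 443, showing that the reply to port 49152 is matched against the session table rather than the rule list. The class, rule layout, IP addresses and result strings are constructed for illustration, and the model ignores TCP flags, timeouts, NAT and deep inspection.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_zone: str
    src_ip: str
    src_port: int
    dst_zone: str
    dst_ip: str
    dst_port: int
    proto: str = "tcp"

# Constructed rule: one host in zone A to one host in zone B, TCP 80/443 only.
RULES = [{"src_zone": "A", "src_ip": "10.0.1.10", "dst_zone": "B",
          "dst_ip": "10.0.2.20", "proto": "tcp", "dst_ports": {80, 443}}]

class StatefulFirewall:
    """Hypothetical model: rules are evaluated only for new flows."""
    def __init__(self, rules):
        self.rules = rules
        self.sessions = set()  # flow keys of connections the policy allowed

    @staticmethod
    def _key(p):
        return (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)

    @staticmethod
    def _reverse_key(p):
        return (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)

    def _rule_allows(self, p):
        return any(r["src_zone"] == p.src_zone and r["src_ip"] == p.src_ip
                   and r["dst_zone"] == p.dst_zone and r["dst_ip"] == p.dst_ip
                   and r["proto"] == p.proto and p.dst_port in r["dst_ports"]
                   for r in self.rules)

    def handle(self, p):
        if self._key(p) in self.sessions:
            return "allow (existing session)"
        if self._reverse_key(p) in self.sessions:
            return "allow (return traffic)"  # no rule for port 49152 needed
        if self._rule_allows(p):
            self.sessions.add(self._key(p))  # initiator's flow is recorded
            return "allow (rule match, session created)"
        return "block (no session, no rule)"

    def close(self, p):
        # Session teardown or timeout: later replies no longer match anything.
        self.sessions.discard(self._key(p))
```

A packet from zone B to a different ephemeral port, or a reply arriving after the session has been removed, falls through to the rule list and is blocked.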