Service Policy For SFR

Harmeet Singh
Level 1

Hi,

My configuration is:

access-list TEST extended permit ip host x.x.x.x host y.y.y.y
access-group TEST out interface outside

class-map IPS
 match access-list TEST

policy-map global_policy
 class IPS
  sfr fail-open monitor-only

service-policy global_policy global

Now I have a confusion. As shown above, I have an ACL applied on the outside interface in the outward direction.

Can I use the same ACL for directing the traffic to the SFR module, because the ACL is applied on the outgoing interface and traffic goes to SFR before touching the outgoing interface?

Harmeet


Philip D'Ath
VIP Alumni

Yes, you could use the same access-list for both.  It would be easier though to pass all traffic through FirePower ...

policy-map pm-asasfr
 class class-default
  sfr fail-open

service-policy pm-asasfr interface outside
