Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2727
Views
5
Helpful
1
Replies

Understanding the Order/Sequence of check - in a Firewall ( nat / routing / firewall polices)

SJ K
Level 5
Level 5

‎04-29-2016 12:12 PM - edited ‎03-12-2019 12:41 AM

Hi all,

Been trying to twist my head on this,  cant find any proper sequence of the events that will be perform when a packet enter a firewall (ciso firewall in general)..

q1) is it

  • NAT -> Routing ->  Firewall policy check  or
  • NAT -> Firewall policy check -> Routing ?

q2) If it is NAT is the one being done 1st,  assuming that my source IP is being NAT (change to another IP) before it when out of the firewall, in the firewall policy, the source IP  that is to be specified/checked/filter against the firewall policies (is the original source or the source after NAT ?)

Regards,
Noob

Labels:
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎04-29-2016 04:48 PM

Please see below for ASA Order of Operations. Routing comes after ACL, stateful inspection and NAT.

The original source address is checked against the policies.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card