01-30-2020 06:06 PM - edited 02-20-2020 09:46 PM
Hi All-
We are looking at various methods of network segmentation. We initially implemented DACLs. My security guy is somewhat suspect of this as the DACL seems to only allow limits on traffic leaving the interface, not on traffic entering the interface. So now we are looking into SGTs and SGACLs as a remedy for this situation. The long-term goal here is SDA, but we have some work to do before we are ready for that. We are working on TrustSec / SGTs as an intermediate step. My question is this: using TrustSec (and SDA, for that matter), do I still only have limits on traffic leaving the interface?
01-30-2020 08:25 PM
Not sure I understand correctly?
Traffic leaving the interface vs. traffic entering the interface (is this a server, or end devices like a desktop or PC)?
Again, it depends on the requirement and use case (so adding a bit more information would be very useful).
There is a good explanation in this thread that may help:
https://community.cisco.com/t5/other-security-subjects/dacl-vs-sgacl/m-p/2747660
01-31-2020 04:45 AM
02-01-2020 04:08 AM
Good white paper for medical devices:
https://www.cisco.com/c/dam/en/us/products/collateral/security/medical-nac-white-paper.pdf