Buy or Renew
Buy or Renew
Join the Catalyst Center Onboarding Ask Me Anything event happening now!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
404
Views
0
Helpful
3
Replies

CBAC Firewall Locations

Go to solution
rasoftware
Level 1
Level 1

‎03-14-2006 07:01 AM - edited ‎03-03-2019 12:03 PM

Am I better to place the CBAC inspection on the outside "out" or inside "in" interface?

Is there a rule as with standard and exteneded ACLs?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
pkhatri
Level 11
Level 11
In response to rasoftware

‎03-14-2006 03:23 PM

Yes, I would also think that it's better to apply it in the outside interface because that is more likely to be the point of entry for malicious traffic.

Paresh

View solution in original post

0 Helpful
3 Replies 3

Go to solution
pkhatri
Level 11
Level 11

‎03-14-2006 03:11 PM

Hi,

The general rule with filtering is to filter as early as possible. However, your circumstances will dictate whether you place it on the inside or the outside interface.

Paresh

0 Helpful

Go to solution
rasoftware
Level 1
Level 1
In response to pkhatri

‎03-14-2006 03:16 PM

I'm guessing unless I need specific inspections for the inside "in" ie DMZ and LAN I would be better putting this on the outside "out" to prevent un-necessary traffic coming into the router then getting dropped?

I ask because I inherited two routers on a new network, one seems to filter on LAN other onthe outside.

0 Helpful

Go to solution
pkhatri
Level 11
Level 11
In response to rasoftware

‎03-14-2006 03:23 PM

Yes, I would also think that it's better to apply it in the outside interface because that is more likely to be the point of entry for malicious traffic.

Paresh

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card