11-09-2022 07:18 AM
Good day!
I have a question regarding the ACL.
For security reasons, is it better to configure inbound and outbound rules to deny both directions, or just the inbound rules?
Or do you prefer to create an inbound rule for the other VLAN network to deny it in both directions?
So if I want to allow one port I would have to allow this in two rules, instead of one.
What is your best practice?
Kind regards,
Brian
11-09-2022 07:26 AM - edited 11-09-2022 07:27 AM
Hello,
That's a difficult question to answer because it will boil down to your company's requirements.
To answer your other question about allowing a port in both directions: it depends, again. Does the source/destination port change or stay the same? If you send out HTTPS packets (port 443), does the return traffic use port 443? Probably not, since it'll be the port the PC used as its source port.
The broader answer to your question, I suppose, would be to restrict everything you can and allow only what's needed, as best as you can.
All in all, you need to understand the packet flow and applications of your network to better understand which ACLs would be beneficial.
Hope that helps.
-David
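The point David makes about source and destination ports is easy to get wrong when writing a stateless ACL for each direction. The following is an added example, not code from the thread or from any Cisco product: a small Python model of first-match extended ACL evaluation with an implicit deny at the end. It uses constructed addresses (a user VLAN 10.10.0.0/24 and a web server 10.20.0.5) and a simplified rule form; it is not a parser for IOS syntax. It shows that a return-direction rule written as "permit TCP to port 443" never matches the server's reply, because the reply carries 443 as its *source* port and the client's ephemeral port as its destination.

```python
# Added example (not from the thread): a minimal model of a stateless
# extended ACL, used to show why "allow port 443" in one direction does
# not cover the return traffic. The Rule form is a simplification of the
# Cisco-style "permit/deny proto src dst [eq port]" shape, not real IOS syntax.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str     # source IP address
    sport: int   # source port
    dst: str     # destination IP address
    dport: int   # destination port


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp" or "ip" (any protocol)
    src: str                     # source prefix in CIDR form, e.g. "10.10.0.0/24"
    dst: str                     # destination prefix in CIDR form
    sport: Optional[int] = None  # None means any source port
    dport: Optional[int] = None  # None means any destination port

    def matches(self, pkt: Packet) -> bool:
        """Every specified field must match; unspecified ports match anything."""
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.sport is not None and self.sport != pkt.sport:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def evaluate(acl: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; an ACL ends with an implicit deny."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Constructed addresses for the example: a user VLAN and a web server in another VLAN.
USERS = "10.10.0.0/24"
WEB = "10.20.0.5/32"

# Users -> server direction: only HTTPS to the server is permitted.
ACL_USERS_TO_WEB = [
    Rule("permit", "tcp", USERS, WEB, dport=443),
]

# Server -> users direction written naively: "allow 443" repeated as a destination port.
ACL_WEB_TO_USERS_NAIVE = [
    Rule("permit", "tcp", WEB, USERS, dport=443),
]

# Server -> users direction written correctly: the reply leaves the server
# *from* port 443 towards the client's ephemeral port, so 443 is the source port.
ACL_WEB_TO_USERS_FIXED = [
    Rule("permit", "tcp", WEB, USERS, sport=443),
]


def https_exchange(client: str = "10.10.0.23", server: str = "10.20.0.5",
                   ephemeral: int = 51514) -> Dict[str, str]:
    """Verdicts for the client's request and for the server's reply under both return ACLs."""
    request = Packet("tcp", client, ephemeral, server, 443)
    reply = Packet("tcp", server, 443, client, ephemeral)
    return {
        "request": evaluate(ACL_USERS_TO_WEB, request),
        "reply_naive": evaluate(ACL_WEB_TO_USERS_NAIVE, reply),
        "reply_fixed": evaluate(ACL_WEB_TO_USERS_FIXED, reply),
    }


if __name__ == "__main__":
    for name, verdict in https_exchange().items():
        print(f"{name:12s} -> {verdict}")
```

Running it prints `permit` for the request, `deny` for the reply under the naive return ACL (the implicit deny catches it) and `permit` under the corrected one. On real IOS the usual way to express the corrected return rule for TCP is the `established` keyword, which matches segments with the ACK or RST bit set rather than a fixed port; a stateful firewall or reflexive ACL removes the need to write the return rule by hand at all. Either way, the outbound-only "allow 443" rule alone is not enough once the inbound direction has its own ACL.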
11-13-2022 11:40 AM
I need to decide the ACL IN/OUT; then I will draw the topology, mark the inbound and outbound traffic, and finally put the ACL in the right position.