While an access control list and a firewall have some similar aspects, they are significantly different.
An access control list can be used for many different purposes (such as filtering traffic on an interface, or be used in a distribute list to filter routing updates, or be used in a dialer list to identify interesting traffic, or be used in Policy Based Routing to make a routing decision, and other purposes). I believe that your question relates to the function of filtering traffic on an interface. An access control list is an implementation of a type of logic that can selectively permit or deny certain packets to go through an interface. A firewall is a device which examines traffic passing through a part of the network and makes decisions about what to let through and what to block.
Those are the similarities. Now let's talk about the differences. I would say that the first difference is that the firewall has one purpose and one use (to examine traffic and selectively pass or block that traffic) while an access list potentially has many uses.
Another important difference is that an access list does stateless inspection. By stateless inspection I mean that the access list looks at a packet and has no idea of what has come before. If an access list examines a packet that is TCP with the ACK bit set, the access list can only believe that this is an acknowledgement packet but has no idea whether there is really a conversation to which this packet belongs. A firewall usually does stateful inspection. By stateful inspection I mean that the firewall not only sees the TCP packet with the ACK bit set, but the firewall can know whether there was a proper beginning of this TCP conversation.
There are other differences. But I would say that these are the two main differences.
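
The stateless versus stateful distinction described in the answer above, as an added example that is not part of the original post. The names (`stateless_acl`, `StatefulFilter`), the constructed packets and the simplified handshake tracking (no FIN/RST handling, timeouts or sequence numbers) are assumptions made for illustration.

```python
from collections import namedtuple

# Constructed packet model: flags is a frozenset of TCP flag names,
# inbound is True when the packet arrives from the outside network.
Packet = namedtuple("Packet", "src sport dst dport flags inbound")

def pkt(src, sport, dst, dport, flags, inbound):
    return Packet(src, sport, dst, dport, frozenset(flags.split("+")), inbound)

def stateless_acl(p):
    """Judge one packet in isolation: inbound TCP is permitted if ACK is set."""
    return (not p.inbound) or "ACK" in p.flags

class StatefulFilter:
    """Permit inbound TCP only if it belongs to a conversation begun from inside."""
    def __init__(self):
        self.conns = {}  # (inside ip, port, outside ip, port) -> state

    def permit(self, p):
        if not p.inbound:  # assumption: the inside network is trusted
            if p.flags == {"SYN"}:
                self.conns[(p.src, p.sport, p.dst, p.dport)] = "SYN_SENT"
            return True
        key = (p.dst, p.dport, p.src, p.sport)
        state = self.conns.get(key)
        if state == "SYN_SENT" and p.flags == {"SYN", "ACK"}:
            self.conns[key] = "ESTABLISHED"  # proper beginning was seen
            return True
        return state == "ESTABLISHED" and "ACK" in p.flags

def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFilter()
    return [(stateless_acl(p), fw.permit(p)) for p in packets]

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    pkt("192.0.2.10", 40000, "198.51.100.5", 443, "SYN", False),
    pkt("198.51.100.5", 443, "192.0.2.10", 40000, "SYN+ACK", True),
    pkt("192.0.2.10", 40000, "198.51.100.5", 443, "ACK", False),
    pkt("198.51.100.5", 443, "192.0.2.10", 40000, "ACK", True),
    # ACK with no preceding handshake: no conversation exists for it.
    pkt("198.51.100.99", 443, "192.0.2.10", 40001, "ACK", True),
]

if __name__ == "__main__":
    for p, (acl, fw) in zip(SAMPLE, compare(SAMPLE)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} {sorted(p.flags)} "
              f"acl={'permit' if acl else 'deny'} stateful={'permit' if fw else 'deny'}")
```

The last packet is the case the answer describes: the stateless check sees only the ACK bit and permits it, while the stateful filter finds no matching conversation and denies it.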