While an access control list and a firewall have some similar aspects, they are significantly different.
An access control list can be used for many different purposes (such as filtering traffic on an interface, or be used in a distribute list to filter routing updates, or be used in a dialer list to identify interesting traffic, or be used in Policy Based Routing to make a routing decision, and other purposes). I believe that your question relates to the function of filtering traffic on an interface. An access control list is an implementation of a type of logic that can selectively permit or deny certain packets to go through an interface. A firewall is a device which examines traffic passing through a part of the network and makes decisions about what to let through and what to block.
Those are the similarities. Now let's talk about the differences. I would say that the first difference is that the firewall has one purpose and one use (to examine traffic and selectively pass or block that traffic) while an access list potentially has many uses.
Another important difference is that an access list does stateless inspection. By stateless inspection I mean that the access list looks at a packet and has no idea of what has come before. If an access list examines a packet that is TCP with the ACK bit set the access list can only believe that this is an acknowledgement packet but has no idea whether there is really a conversation to which this packet belongs. A firewall usually does stateful inspection. By stateful inspection I mean that the firewall not only sees the TCP packet with the ACK bit set, but the firewall can know whether there was a proper beginning of this TCP conversation.
There are other differences. But I would say that these are the two main differences.
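The stateless versus stateful distinction described in the answer above, as an added example that is not part of the original post: a simplified Python model that runs the same constructed packet trace through a per-packet filter and through a filter that tracks the TCP handshake. The class names, addresses and state names are assumptions for illustration; sequence numbers, FIN/RST handling and timeouts are left out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset   # TCP flags set on this packet
    inbound: bool      # True when the packet arrives from the outside

def stateless_acl(pkt):
    """Per-packet decision only: outbound passes, inbound passes if ACK is set."""
    return (not pkt.inbound) or ("ACK" in pkt.flags)

class StatefulFirewall:
    """Tracks conversations opened from the inside (simplified model)."""
    def __init__(self):
        self.flows = {}  # (inside_ip, inside_port, outside_ip, outside_port) -> state

    def check(self, pkt):
        if pkt.inbound:
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        else:
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        state = self.flows.get(key)
        if not pkt.inbound:
            if pkt.flags == {"SYN"}:                 # proper start of a conversation
                self.flows[key] = "SYN_SENT"
                return True
            if state == "SYN_RCVD" and "ACK" in pkt.flags:
                self.flows[key] = "ESTABLISHED"      # handshake completed
            return state is not None
        if state == "SYN_SENT" and pkt.flags == {"SYN", "ACK"}:
            self.flows[key] = "SYN_RCVD"
            return True
        return state == "ESTABLISHED" and "ACK" in pkt.flags

def f(*names):
    return frozenset(names)

# Constructed sample trace (documentation address ranges, not real traffic).
C, S = ("10.0.0.5", 40000), ("203.0.113.10", 443)
TRACE = [
    Packet(*C, *S, f("SYN"), False),
    Packet(*S, *C, f("SYN", "ACK"), True),
    Packet(*C, *S, f("ACK"), False),
    Packet(*S, *C, f("ACK"), True),                                # belongs to the conversation
    Packet("198.51.100.7", 5555, "10.0.0.9", 22, f("ACK"), True),  # ACK with no conversation
]

def run(trace):
    """Return (stateless_verdict, stateful_verdict) for each packet in order."""
    fw = StatefulFirewall()
    return [(stateless_acl(p), fw.check(p)) for p in trace]
```

The two filters agree on every packet of the real conversation and differ only on the last one, which has the ACK bit set but no handshake behind it.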