ACL Firewall Policy Question

When adding policies to the ACL for any individual role, I am aware that they are read from the top down like any other ACL. What I seem to have missed somewhere (as I have yet to find the answer): is there an implicit DENY ANY ANY at the end of this list, or do I need to add one?

Scott McNeil - Sr. Network & Security Engineer, Global Process Automation
Network+ | CWNA | CWTS | ACSP | ACMP | ACMA | BREC
3 REPLIES

Re: ACL Firewall Policy Question

There is an implicit deny any any.

If you add a deny any any rule then denied data shows with a D flag in the session table.


Bruce Osborne - Wireless Engineer
ACCP, ACMP

Re: ACL Firewall Policy Question

Thanks Bob!

So then following that logic, I should only need to add rules ALLOWING users to specific address ranges and whatnot, otherwise they are denied. Correct?

Also, what about services like telnet (like anyone uses it anymore anyway) or SSH, are they denied as well or will I need specific statements to do so?

Scott McNeil - Sr. Network & Security Engineer, Global Process Automation
Network+ | CWNA | CWTS | ACSP | ACMP | ACMA | BREC

Re: ACL Firewall Policy Question

Everything is denied unless you specify what you want access to and that includes ports/protocols.
Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
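
The top-down, first-match behavior discussed in this thread, as an added example that is not part of the original posts and is not Aruba configuration or code: a simplified Python model of a role ACL with an implicit deny at the end. The `Rule` fields, the addresses and the sample policy are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    dst: str               # destination network in CIDR form; "0.0.0.0/0" means any
    proto: Optional[str]   # "tcp", "udp", or None for any protocol
    port: Optional[int]    # destination port, or None for any port
    action: str            # "permit" or "deny"

    def matches(self, dst_ip, proto, port):
        in_net = ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
        return (in_net
                and self.proto in (None, proto)
                and self.port in (None, port))


def evaluate(rules, dst_ip, proto, port):
    """Return (action, index of the rule that matched).

    Rules are read top-down and the first match wins. An index of None
    means nothing matched and the implicit deny at the end applied.
    """
    for index, rule in enumerate(rules):
        if rule.matches(dst_ip, proto, port):
            return rule.action, index
    return "deny", None


# Constructed sample policy for one role: only permit statements.
ROLE_ACL = [
    Rule("10.20.0.0/16", "tcp", 443, "permit"),  # HTTPS to the whole range
    Rule("10.20.5.0/24", "tcp", 22, "permit"),   # SSH to one subnet only
]

# Same policy with an explicit catch-all deny appended. The verdicts are
# identical, but the drop is now attributable to a configured rule.
EXPLICIT_ACL = ROLE_ACL + [Rule("0.0.0.0/0", None, None, "deny")]

if __name__ == "__main__":
    for acl_name, acl in (("allow-only", ROLE_ACL), ("explicit deny", EXPLICIT_ACL)):
        for flow in (("10.20.1.1", "tcp", 443), ("10.20.1.1", "tcp", 23),
                     ("10.20.1.1", "tcp", 22), ("10.20.5.9", "tcp", 22)):
            print(acl_name, flow, evaluate(acl, *flow))
```

Telnet (TCP 23) and SSH outside the permitted subnet fall through to the implicit deny without any deny statement of their own.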