ACL Firewall Policy Question

When adding policies to the ACL for any individual role, I am aware that they are read from the top down like any other ACL. What I seem to have missed somewhere (as I have yet to find the answer) is this: is there an implicit DENY ANY ANY at the end of this list, or do I need to add one?

Scott McNeil - IT Specialist, Global Process Automation
Network+ | CWNA | ACSP | ACMP | ACMA | BREC
Re: ACL Firewall Policy Question

There is an implicit deny any any.

If you add a deny any any rule then denied data shows with a D flag in the session table.

Bruce Osborne - Wireless Engineer
ACCP
Re: ACL Firewall Policy Question

Thanks Bob!

So then following that logic, I should only need to add rules ALLOWING users to specific address ranges and whatnot, otherwise they are denied. Correct?

Also, what about services like telnet (like anyone uses it anymore anyway) or SSH, are they denied as well or will I need specific statements to do so?

Scott McNeil - IT Specialist, Global Process Automation
Network+ | CWNA | ACSP | ACMP | ACMA | BREC
Re: ACL Firewall Policy Question

Everything is denied unless you specify what you want access to and that includes ports/protocols.

Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
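
The behavior described in the replies above, modeled as an added example that is not part of the thread and not vendor code: a first-match, top-down evaluator that falls through to an implicit deny. The `Rule` class, addresses and ports are constructed for illustration; the model reports which rule decided each flow, so the only difference an explicit final deny makes is that the drop is attributed to a rule.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:  # hypothetical rule shape, not a vendor data structure
    dst: str                 # destination network in CIDR form, "0.0.0.0/0" = any
    proto: Optional[str]     # "tcp", "udp", or None = any protocol
    ports: Optional[range]   # destination ports, None = any port
    action: str              # "permit" or "deny"

    def matches(self, dst_ip, proto, port):
        if ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and self.proto != proto:
            return False
        return self.ports is None or port in self.ports

def evaluate(rules, dst_ip, proto, port):
    """First match wins, top down. Returns (action, matched_by)."""
    for index, rule in enumerate(rules, start=1):
        if rule.matches(dst_ip, proto, port):
            return rule.action, f"rule {index}"
    return "deny", "implicit deny"   # nothing matched: traffic is dropped

# Constructed role policy containing only permits, as discussed in the thread.
ROLE_ACL = [
    Rule("10.20.0.0/16", "tcp", range(443, 444), "permit"),  # HTTPS to an internal range
    Rule("10.20.0.53/32", "udp", range(53, 54), "permit"),   # DNS to one resolver
]
# Same policy with an explicit deny any any appended as the last rule.
ROLE_ACL_EXPLICIT = ROLE_ACL + [Rule("0.0.0.0/0", None, None, "deny")]

def verdicts(rules):
    flows = {  # constructed sample flows: (destination, protocol, port)
        "https": ("10.20.5.9", "tcp", 443),
        "dns": ("10.20.0.53", "udp", 53),
        "ssh": ("10.20.5.9", "tcp", 22),
        "telnet": ("10.20.5.9", "tcp", 23),
        "outside": ("192.0.2.10", "tcp", 443),
    }
    return {name: evaluate(rules, *flow) for name, flow in flows.items()}

if __name__ == "__main__":
    for label, acl in (("permits only", ROLE_ACL), ("explicit deny", ROLE_ACL_EXPLICIT)):
        print(label, verdicts(acl))
```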