Implicit Behavioral Differences

From DocWiki

(New page: ==Implicit Behavioral Differences== The following table lists the implicit behavioral differences between FWSM and ASA. {| class="wikitable" |- !'''Implicit Behavior''' !'''Behavior in FW...)
(Re-worded description of FWSM implicit deny for clarity.)
 
(One intermediate revision not shown)
Line 1: Line 1:
==Implicit Behavioral Differences==
==Implicit Behavioral Differences==
The following table lists the implicit behavioral differences between FWSM and ASA.
The following table lists the implicit behavioral differences between FWSM and ASA.
-
{| class="wikitable"
+
{| border="1" cellpadding="2"
-
|-
+
!width="250" align="left" style="background:#99CCFF;" |'''Implicit Behavior'''
-
!'''Implicit Behavior'''  
+
!width="450" align="left" style="background:#99CCFF;" |'''Behavior in FWSM'''
-
!'''Behavior in FWSM'''  
+
!width="250" align="left" style="background:#99CCFF;" |'''Behavior in ASA'''
-
!'''Behavior in ASA'''  
+
|-
|-
| Implicit Deny
| Implicit Deny
-
| Implicit deny between all interfaces.
+
| By default, implicit deny for all IP traffic between interfaces, regardless of security level.
| Implicit permit from high security to low security interfaces.
| Implicit permit from high security to low security interfaces.
|-
|-
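Review bot: the reworded FWSM cell in the Implicit Deny row now covers every direction ("regardless of security level"), but the unchanged ASA cell beside it still describes only high-to-low traffic, so the row does not say what ASA does by default in the low-to-high direction. Consider wording the ASA cell to cover both directions so the two columns can be compared directly. As a style point on the header lines, replacing class="wikitable" with per-cell width, align and background attributes hard-codes presentation into the markup; keeping the class and adding only the attributes that are needed would be easier to maintain.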

Latest revision as of 01:11, 7 May 2010

Implicit Behavioral Differences

The following table lists the implicit behavioral differences between FWSM and ASA.

{| border="1" cellpadding="2"
! Implicit Behavior
! Behavior in FWSM
! Behavior in ASA
|-
| Implicit Deny
| By default, implicit deny for all IP traffic between interfaces, regardless of security level.
| Implicit permit from high security to low security interfaces.
|-
| ICMP to-the-box deny
| Implicit ICMP deny to the interface.
| Implicit permit.
|-
| NAT matching for statistics
| Static NAT and static PAT (regular and policy static command) -- Best Match. In the case of overlapping addresses in the static statements, a warning is displayed, but they are supported. The order of static commands does not matter; the static statement that best matches the real address is used.
| Static NAT and static PAT (regular and policy static command) -- In order until the first match.
|}
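The NAT matching row is the one most likely to change translations silently during a migration. The following added example (not from the original page or from Cisco) flags overlapping static entries whose result depends on which matching rule applies. It assumes "best match" means the most specific (longest-prefix) real network; the function names and the sample addresses are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample statics as (real network, mapped network), in config order.
SAMPLE_STATICS = [
    ("10.1.1.0/24", "192.0.2.0/24"),
    ("10.1.1.10/32", "198.51.100.10/32"),  # overlaps the /24 above
    ("10.2.2.0/24", "203.0.113.0/24"),
]

def load(statics):
    """Parse (real, mapped) string pairs into network objects, keeping order."""
    return [(ipaddress.ip_network(r), ipaddress.ip_network(m)) for r, m in statics]

def translate(real_ip, rules, mode):
    """Return the mapped address for real_ip, or None if no static matches.
    mode="first": in order until the first match (ASA column).
    mode="best":  most specific real network wins (FWSM column; treating
                  "best match" as longest prefix is an assumption)."""
    ip = ipaddress.ip_address(real_ip)
    hits = [(real, mapped) for real, mapped in rules if ip in real]
    if not hits:
        return None
    if mode == "first":
        real, mapped = hits[0]
    else:
        real, mapped = max(hits, key=lambda h: h[0].prefixlen)
    offset = int(ip) - int(real.network_address)
    return str(mapped.network_address + offset)

def order_sensitive_overlaps(statics):
    """List (real address, best-match result, first-match result) for each
    overlapping pair of statics where the two matching rules disagree."""
    rules = load(statics)
    findings = []
    for (a, _), (b, _) in combinations(rules, 2):
        if not a.overlaps(b):
            continue
        narrow = a if a.prefixlen >= b.prefixlen else b
        probe = str(narrow.network_address)  # an address covered by both entries
        best = translate(probe, rules, "best")
        first = translate(probe, rules, "first")
        if best != first:
            findings.append((probe, best, first))
    return findings

if __name__ == "__main__":
    for probe, best, first in order_sensitive_overlaps(SAMPLE_STATICS):
        print(f"{probe}: best match -> {best}, first match -> {first}")
```

Placing the more specific entry first makes both matching rules agree, which is why the reordered list in this sample produces no findings.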
