Implicit Behavioral Differences
From DocWiki
(Difference between revisions)
(New page: ==Implicit Behavioral Differences== The following table lists the implicit behavioral differences between FWSM and ASA. {| class="wikitable" |- !'''Implicit Behavior''' !'''Behavior in FW...) |
|||
| Line 1: | Line 1: | ||
==Implicit Behavioral Differences== | ==Implicit Behavioral Differences== | ||
The following table lists the implicit behavioral differences between FWSM and ASA. | The following table lists the implicit behavioral differences between FWSM and ASA. | ||
| - | {| | + | {| border="1" cellpadding="2" |
| - | + | !width="250" align="left" style="background:#99CCFF;" |'''Implicit Behavior''' | |
| - | !'''Implicit Behavior''' | + | !width="450" align="left" style="background:#99CCFF;" |'''Behavior in FWSM''' |
| - | !'''Behavior in FWSM''' | + | !width="250" align="left" style="background:#99CCFF;" |'''Behavior in ASA''' |
| - | !'''Behavior in ASA''' | + | |
|- | |- | ||
| Implicit Deny | | Implicit Deny | ||
Revision as of 20:44, 28 August 2009
Implicit Behavioral Differences
The following table lists the implicit behavioral differences between FWSM and ASA.
| Implicit Behavior | Behavior in FWSM | Behavior in ASA |
|---|---|---|
| Implicit Deny | Implicit deny between all interfaces. | Implicit permit from high security to low security interfaces. |
| ICMP to-the-box deny | Implicit ICMP deny to the interface. | Implicit permit. |
| NAT matching for statistics | Static NAT and static PAT (regular and policy static command) -- Best Match. In the case of overlapping address in the static statements, a warning is displayed, but they are supported. The order of static commands does not matter; the static statement that best matches the real address is used. | Static NAT and static PAT (regular and policy static command) -- In order until the first match. |
