Implicit Behavioral Differences

(Re-worded description of FWSM implicit deny for clarity.)
 
Line 7: Line 7:
|-
|-
| Implicit Deny
| Implicit Deny
-
| Implicit deny between all interfaces.
+
| By default, implicit deny for all IP traffic between interfaces, regardless of security level.
| Implicit permit from high security to low security interfaces.
| Implicit permit from high security to low security interfaces.
|-
|-
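Review bot: The added FWSM cell opens with "By default" but the row never says what changes that default, so a reader cannot tell how traffic is actually permitted between interfaces. Either name the mechanism in the cell or drop the qualifier. The new wording also narrows the deny to "all IP traffic", which leaves non-IP traffic unaddressed where the old text said "between all interfaces"; state that case too if it differs. The unchanged ASA cell covers only high-to-low security; the low-to-high direction is still missing, which makes the two columns hard to compare.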

Latest revision as of 01:11, 7 May 2010

Implicit Behavioral Differences

The following table lists the implicit behavioral differences between FWSM and ASA.

{|
! Implicit Behavior
! Behavior in FWSM
! Behavior in ASA
|-
| Implicit Deny
| By default, implicit deny for all IP traffic between interfaces, regardless of security level.
| Implicit permit from high security to low security interfaces.
|-
| ICMP to-the-box deny
| Implicit ICMP deny to the interface.
| Implicit permit.
|-
| NAT matching for statistics
| Static NAT and static PAT (regular and policy static command) -- Best Match. In the case of overlapping addresses in the static statements, a warning is displayed, but they are supported. The order of static commands does not matter; the static statement that best matches the real address is used.
| Static NAT and static PAT (regular and policy static command) -- In order until the first match.
|}
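The NAT matching row matters when a rule set with overlapping statics moves from FWSM to ASA. The following is an added example, not Cisco code or configuration: a small Python model of the two selection rules that lists which real addresses would pick a different static entry. It assumes "best match" means the most specific (longest-prefix) real network; the entries, labels and addresses are constructed.

```python
import ipaddress

# Constructed sample: (real network, label) in configuration order.
STATICS = [
    ("192.0.2.0/24", "mapped-A"),    # broad entry, configured first
    ("192.0.2.128/25", "mapped-B"),  # narrower overlap, configured second
    ("192.0.2.200/32", "mapped-C"),  # host entry, configured last
]

def _parse(statics):
    return [(ipaddress.ip_network(net), label) for net, label in statics]

def first_match(real_ip, statics):
    """ASA column: walk entries in order and stop at the first match."""
    addr = ipaddress.ip_address(real_ip)
    for net, label in _parse(statics):
        if addr in net:
            return label
    return None

def best_match(real_ip, statics):
    """FWSM column: order is irrelevant. Modelled here (assumption) as
    the matching entry with the longest prefix."""
    addr = ipaddress.ip_address(real_ip)
    hits = [(net, label) for net, label in _parse(statics) if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def overlapping_pairs(statics):
    """Entry pairs whose real networks overlap (the case FWSM warns about)."""
    nets = _parse(statics)
    return [(a[1], b[1]) for i, a in enumerate(nets)
            for b in nets[i + 1:] if a[0].overlaps(b[0])]

def migration_diffs(statics, probes):
    """Real addresses whose selected entry differs: ip -> (best, first)."""
    out = {}
    for ip in probes:
        b, f = best_match(ip, statics), first_match(ip, statics)
        if b != f:
            out[ip] = (b, f)
    return out

def order_most_specific_first(statics):
    """Reorder so in-order matching selects the same entry as best match."""
    return sorted(statics,
                  key=lambda s: ipaddress.ip_network(s[0]).prefixlen,
                  reverse=True)
```

Running `migration_diffs` over addresses drawn from each overlapping range before a migration shows where translation behaviour would silently change; an empty result after `order_most_specific_first` confirms the reordered list behaves the same under both models.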
