Implicit Behavioral Differences
From DocWiki
Revision as of 01:11, 7 May 2010 by Mikecrowe4ics (Talk | contribs)
Implicit Behavioral Differences
The following table lists the implicit behavioral differences between FWSM and ASA.
Implicit Behavior | Behavior in FWSM | Behavior in ASA |
---|---|---|
Implicit Deny | By default, implicit deny for all IP traffic between interfaces, regardless of security level. | Implicit permit from high security to low security interfaces. |
ICMP to-the-box deny | Implicit ICMP deny to the interface. | Implicit permit. |
NAT matching for statistics | Static NAT and static PAT (regular and policy static command) -- Best Match. In the case of overlapping address in the static statements, a warning is displayed, but they are supported. The order of static commands does not matter; the static statement that best matches the real address is used. | Static NAT and static PAT (regular and policy static command) -- In order until the first match. |