Cisco FirePOWER ASA 5500 series Configuration Manual page 327

Security appliance command line

Cisco Security Appliance Command Line Configuration Guide (OL-10088-01)

CHAPTER 18
Permitting or Denying Network Access

This chapter describes how to control network access through the security appliance using access lists. To create an extended access list or an EtherType access list, see Chapter 16, "Identifying Traffic with Access Lists."

Note
You use ACLs to control network access in both routed and transparent firewall modes. In transparent mode, you can use both extended ACLs (for Layer 3 traffic) and EtherType ACLs (for Layer 2 traffic).
To access the security appliance interface for management access, you do not also need an access list allowing the host IP address. You only need to configure management access according to Chapter 40, "Managing System Access."

This chapter includes the following sections:
Inbound and Outbound Access List Overview
Applying an Access List to an Interface

Inbound and Outbound Access List Overview

Traffic flowing across an interface in the security appliance can be controlled in two ways. Traffic that enters the security appliance can be controlled by attaching an inbound access list to the source interface. Traffic that exits the security appliance can be controlled by attaching an outbound access list to the destination interface. To allow any traffic to enter the security appliance, you must attach an inbound access list to an interface; otherwise, the security appliance automatically drops all traffic that enters that interface. By default, traffic can exit the security appliance on any interface unless you restrict it using an outbound access list, which adds restrictions to those already configured in the inbound access list.

Note
"Inbound" and "outbound" refer to the application of an access list on an interface, either to traffic entering the security appliance on an interface or traffic exiting the security appliance on an interface. These terms do not refer to the movement of traffic from a lower security interface to a higher security interface, commonly known as inbound, or from a higher to lower interface, commonly known as outbound.
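The decision order described in the overview above, modelled as an added Python example (not taken from the Cisco guide): an inbound list is checked on the interface where traffic enters, then an outbound list, if any, on the interface where it exits. Interface names, addresses and rules are constructed; first-match evaluation with an implicit deny at the end of each access list is an assumption of the model, and stateful return traffic is not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    src: str                    # source network in CIDR form
    dst: str                    # destination network in CIDR form
    port: Optional[int] = None  # None matches any destination port

ANY = "0.0.0.0/0"

def acl_permits(acl, src, dst, port):
    """First matching entry decides; no match means implicit deny (assumed)."""
    for r in acl:
        if (ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst)
                and r.port in (None, port)):
            return r.action == "permit"
    return False

def transit(inbound, outbound, in_if, out_if, src, dst, port):
    """Decide one new connection entering on in_if and exiting on out_if."""
    acl_in = inbound.get(in_if)
    if acl_in is None:  # per the page: no inbound list, all entering traffic is dropped
        return f"drop: no inbound access list on {in_if}"
    if not acl_permits(acl_in, src, dst, port):
        return f"drop: inbound access list on {in_if}"
    acl_out = outbound.get(out_if)
    # No outbound list: traffic may exit. With one, it adds further restrictions.
    if acl_out is not None and not acl_permits(acl_out, src, dst, port):
        return f"drop: outbound access list on {out_if}"
    return "permit"

# Constructed sample policy; "dmz" deliberately has no inbound access list.
INBOUND = {"inside": [Rule("permit", "10.1.0.0/16", ANY)]}
OUTBOUND = {"outside": [Rule("deny", "10.1.2.0/24", ANY), Rule("permit", ANY, ANY)]}

if __name__ == "__main__":
    for in_if, out_if, src, dst, port in [
        ("inside", "outside", "10.1.1.5", "198.51.100.7", 443),
        ("inside", "outside", "10.1.2.5", "198.51.100.7", 443),
        ("inside", "dmz", "10.1.2.5", "192.0.2.10", 80),
        ("dmz", "outside", "192.0.2.10", "198.51.100.7", 443),
    ]:
        print(in_if, "->", out_if, src, transit(INBOUND, OUTBOUND, in_if, out_if, src, dst, port))
```

The second and third sample flows share a source host: it passes the inbound list on "inside" both times, but only the flow exiting "outside" meets an outbound list that restricts it further.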