Zone Based Firewall - Permit Firewall

mattrgee

Hi guys,

I'm just looking at the zone based firewall and creating a couple of my own rules. At the bottom of the edit rule screen there are 3 actions to choose from: Permit Firewall, Permit ACL and Drop.

The third is pretty obvious, but could somewhere explain the difference between the first two as the naming is a little ambiguous? Thanks.

jezg76

I am about to take this exam and have been studying for a few months for it, so I'll give it a shot.

Permit Firewall uses the command inspect under the policy-map, which allows the stateful inspection to occur on the traffic defined in the class-map. This stateful inspection allows the return traffic via the state table.

Permit ACL uses the command pass under the policy-map, which applies no stateful inspection of the traffic defined by the class-map. This is unidirectional. If pass is applied in one direction, a pass must be applied coming from the other direction. This did cause me issue in my studies so I figured I'd just put that out there.

mattrgee

Right, gotcha. Appreciated.

JavonR

jezg76 wrote: »

I am about to take this exam and have been studying for a few months for it, so I'll give it a shot.

Permit Firewall uses the command inspect under the policy-map, which allows the stateful inspection to occur on the traffic defined in the class-map. This stateful inspection allows the return traffic via the state table.

Permit ACL uses the command pass under the policy-map, which applies no stateful inspection of the traffic defined by the class-map. This is unidirectional. If pass is applied in one direction, a pass must be applied coming from the other direction. This did cause me issue in my studies so I figured I'd just put that out there.

Great explanation, thanks.