Zone Based Firewall - Permit Firewall

mattrgeemattrgee Posts: 201Member
Hi guys,

I'm just looking at the zone based firewall and creating a couple of my own rules. At the bottom of the edit rule screen there are 3 actions to choose from: Permit Firewall, Permit ACL and Drop.

The third is pretty obvious, but could somewhere explain the difference between the first two as the naming is a little ambiguous? Thanks.

Comments

  • jezg76jezg76 Posts: 97Member ■■□□□□□□□□
    I am about to take this exam and have been studying for a few months for it, so I'll give it a shot. :)

    Permit Firewall uses the command inspect under the policy-map, which allows the stateful inspection to occur on the traffic defined in the class-map. This stateful inspection allows the return traffic via the state table.

    Permit ACL uses the command pass under the policy-map, which applies no stateful inspection of the traffic defined by the class-map. This is unidirectional. If pass is applied in one direction, a pass must be applied coming from the other direction. This did cause me issue in my studies so I figured I'd just put that out there.
    policy-map type inspect TACO
    class type inspect BELL
    drop log
  • mattrgeemattrgee Posts: 201Member
    Right, gotcha. Appreciated.
  • JavonRJavonR Posts: 245Member
    jezg76 wrote: »
    I am about to take this exam and have been studying for a few months for it, so I'll give it a shot. :)

    Permit Firewall uses the command inspect under the policy-map, which allows the stateful inspection to occur on the traffic defined in the class-map. This stateful inspection allows the return traffic via the state table.

    Permit ACL uses the command pass under the policy-map, which applies no stateful inspection of the traffic defined by the class-map. This is unidirectional. If pass is applied in one direction, a pass must be applied coming from the other direction. This did cause me issue in my studies so I figured I'd just put that out there.

    Great explanation, thanks.
Sign In or Register to comment.