silly question


In article , jason wrote:
:forgive the extremely simple question, it's been about 8 years since
:i've configured a PIX acl ruleset.

:is there a built-in default deny for all traffic between all hosts, or
:do you need to add that rule yourself?

In PIX 5.x, 6.x, the default is to deny all new flows from a lower security level to a higher security level.

In PIX 5.x, 6.x, there is no way to allow flows between two interfaces at the same security level.

In PIX 5.x, 6.x, if an interface has no access-group applied to it, then the default is to allow all new flows to lower security levels. However, as soon as an access-group is applied to it, the default changes to implicitly deny any new flows which are not explicitly permitted.

Walter Roberson
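
The defaults described in the reply above, as an added Python model that is not part of the original post or of any Cisco tooling. It shows how applying an access-group flips an interface from default-allow to implicit-deny. Interface names, security levels, addresses and ACL entries are constructed; treating an ACL permit as what admits a lower-to-higher flow is an assumption beyond the post, and address translation is not modelled.

```python
from ipaddress import ip_address, ip_network

# Constructed sample topology: interface name -> security level.
LEVELS = {"outside": 0, "dmz": 50, "inside": 100}

# Constructed ACLs, keyed by the interface they are bound to (the access-group).
# Entry: (action, source network, destination network, destination port or None).
ACLS = {
    "inside": [
        ("deny", "10.1.1.0/24", "0.0.0.0/0", 25),
        ("permit", "10.1.1.0/24", "0.0.0.0/0", None),
    ],
}


def verdict(in_if, out_if, src, dst, port, acls=ACLS, levels=LEVELS):
    """Return (allowed, reason) for a new flow entering in_if and leaving out_if."""
    if levels[in_if] == levels[out_if]:
        return False, "same security level: never allowed"
    acl = acls.get(in_if)
    if acl is None:
        # No access-group on the ingress interface: direction decides.
        if levels[in_if] > levels[out_if]:
            return True, "no access-group: default allow to lower level"
        return False, "default deny from lower to higher level"
    # Access-group applied: first matching entry wins.
    # Assumption beyond the post: an explicit permit here is what admits a flow.
    for action, s_net, d_net, d_port in acl:
        if (ip_address(src) in ip_network(s_net)
                and ip_address(dst) in ip_network(d_net)
                and d_port in (None, port)):
            return action == "permit", f"explicit {action}"
    return False, "access-group applied: implicit deny"


if __name__ == "__main__":
    # Constructed flows: (ingress, egress, source, destination, port).
    flows = [
        ("inside", "outside", "10.1.1.5", "198.51.100.7", 80),
        ("inside", "outside", "10.1.1.5", "198.51.100.7", 25),
        ("inside", "outside", "10.2.2.9", "198.51.100.7", 80),
        ("dmz", "outside", "172.16.0.5", "198.51.100.7", 80),
        ("outside", "inside", "198.51.100.7", "10.1.1.5", 80),
    ]
    for flow in flows:
        print(flow, "->", verdict(*flow))
```
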
