The following section describes the difference between inbound and outbound ACLs in the context of the Security Appliance and how to control network access through the appliance using access lists.
Note: Transparent mode supports two types of access lists: Extended ACLs, used for Layer 3 traffic filtering, and EtherType ACLs, used for Layer 2 traffic filtering.
Controlling Inbound and Outbound Traffic Through the Security Appliance by Using Access Lists
Traffic can be examined in either direction on an interface by using an inbound ACL for traffic entering the Security Appliance and an outbound ACL for traffic exiting the Security Appliance. The main things to understand about access list application on the Security Appliance are the following:
For traffic originating from a lower-level interface to a higher-level interface, an inbound ACL is required on the source interface to specifically allow the traffic (or else the packet will be dropped). An optional outbound ACL can be configured on the destination interface. Refer to Figure 6-19.
Figure 6-19. Inbound Versus Outbound ACL
For traffic originating from a higher-level interface to a lower-level interface, no access list is required, because that traffic is permitted by default.
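As an added example that is not part of the book, the following Security Appliance configuration applies the two ACL directions described above to a web server on the inside network. Interface names, addresses, ACL names and the absence of NAT are assumptions made for the example.

```cisco
! Constructed example: two interfaces with the usual security levels.
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.1 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
! Lower -> higher (outside -> inside): an inbound ACL on the source
! interface (outside) is required. Only the two permitted flows pass;
! everything else matches the implicit deny at the end of the list.
access-list OUTSIDE_IN remark Internet clients to the inside web server (assumed host)
access-list OUTSIDE_IN extended permit tcp any host 10.0.0.10 eq 80
access-list OUTSIDE_IN extended permit tcp any host 10.0.0.10 eq 443
access-group OUTSIDE_IN in interface outside
!
! Optional outbound ACL on the destination interface (inside), checked on
! traffic as it exits the appliance toward the inside network.
access-list INSIDE_OUT remark second check on traffic leaving toward inside
access-list INSIDE_OUT extended permit tcp any host 10.0.0.10 eq 80
access-list INSIDE_OUT extended permit tcp any host 10.0.0.10 eq 443
access-group INSIDE_OUT out interface inside
!
! Higher -> lower (inside -> outside): no ACL is applied on inside in the
! inbound direction, so inside-initiated traffic is permitted by default.
! Caveat: if an inbound ACL is later applied to inside, its implicit deny
! applies there too, and every wanted outbound flow must be permitted explicitly.
```

To confirm which list is bound in which direction, and to see per-entry hit counts while testing, use `show running-config access-group` and `show access-list`.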