Which access rule is disabled automatically after the global access list has been defined and applied?

A.
the implicit global deny ip any any access rule

B.
the implicit interface access rule that permits all IP traffic from high security level to low security level interfaces

C.
the implicit global access rule that permits all IP traffic from high security level to low security level interfaces

D.
the implicit deny ip any any rule on the global and interface access lists

E.
the implicit permit all IP traffic from high security level to low security level access rule on the global and interface access lists

Explanation:
http://www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/security_manager/4.3/user/guide/fwaccess.html
Understanding Device Specific Access Rule Behavior
If you do not create an access rule policy, the following is the default behavior based on the type of device, and what happens when you create an access rule:

- IOS devices: permit all traffic through an interface. When you create an access rule permitting source A to destination B without configuring TCP/UDP inspection in the inspection rule table, or configuring the established advanced option on the rule, the device permits any packet from A to B. However, a returning packet from B to A is not allowed unless there is a corresponding access rule permitting that packet. If you configure TCP/UDP inspection on the traffic in the inspection rule table, a rule permitting B to A is not needed in the access rule, because any returning packet from B to A automatically passes the device.
- ASA and PIX devices: permit traffic from a higher-security interface to a lower-security interface; otherwise, all traffic is denied. If an access rule allows TCP/UDP traffic in one direction, the appliance automatically allows the return traffic (you do not need to configure a corresponding rule for it). ICMP is the exception: it requires either a return rule (permitting the reverse source and destination) or an inspection rule for ICMP.
- FWSM devices: deny all traffic entering an interface; permit all traffic leaving an interface. You must configure access rules to allow any traffic to enter the device.
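The configurations below are an added example, not part of the Cisco Security Manager text quoted above. They show the two behaviours that text describes: on IOS, a plain ACL is stateless, so return traffic must be admitted either with the established keyword or by CBAC inspection; on the ASA, TCP/UDP return traffic is admitted from the connection table, while ICMP needs either inspection or an explicit reverse rule. The ASA part also shows how a global access list is applied alongside an interface access list. Interface names, addresses (RFC 5737 documentation ranges), and ACL names are assumptions chosen for the example.

```cisco
! ---- Cisco IOS: ACLs are stateless, so the return path must be handled ----
! Example address: inside host 192.0.2.10 publishes HTTPS to the outside.
ip access-list extended OUTSIDE_IN
 remark Inbound from outside: only the published service...
 permit tcp any host 192.0.2.10 eq 443
 remark ...plus replies to TCP sessions that inside hosts opened (ACK or RST set).
 permit tcp any any established
 deny ip any any log
!
! Alternative to "established": CBAC inspection watches outbound sessions and
! creates temporary return entries, so replies pass OUTSIDE_IN even though
! no static line permits them. Unlike "established", this also covers UDP.
ip inspect name CBAC_OUT tcp
ip inspect name CBAC_OUT udp
ip inspect name CBAC_OUT icmp
!
interface GigabitEthernet0/0
 description outside (example interface)
 ip access-group OUTSIDE_IN in
!
interface GigabitEthernet0/1
 description inside (example interface)
 ip inspect CBAC_OUT in
!
! ---- Cisco ASA (8.3 or later): stateful for TCP/UDP, ICMP needs inspection ----
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.1 255.255.255.0
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.0.2.1 255.255.255.0
!
! Interface ACL: permitting one direction is enough for TCP/UDP; the
! connection table admits the replies, so no reverse rule is written.
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-group OUTSIDE_IN in interface outside
!
! Global ACL (example: a DNS server every interface may reach). It is applied
! to ingress traffic on all interfaces and is evaluated after the interface
! ACL and before the implicit deny at the end of the list.
access-list GLOBAL_IN extended permit udp any host 192.0.2.53 eq domain
access-group GLOBAL_IN global
!
! ICMP is not tracked by default. Either inspect it in the default policy...
policy-map global_policy
 class inspection_default
  inspect icmp
!
! ...or, without inspection, permit the echo replies back in explicitly:
! access-list OUTSIDE_IN extended permit icmp any 192.0.2.0 255.255.255.0 echo-reply
```

The IOS part deliberately shows both techniques side by side; in practice you would pick one. The established keyword only matches TCP flags and is trivially satisfied by a crafted packet with ACK set, so CBAC (or a zone-based policy on newer IOS) is the stronger choice. On the ASA, prefer inspect icmp over the static echo-reply rule: the static rule lets any host on the outside send echo replies to the inside network whether or not a request was ever sent.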
