Thus spake [EMAIL PROTECTED], on Wed, Jan 09, 2002 at 10:56:49AM +0800:
>
> Hello.
>
> Correct me if I'm wrong but FW1 with NO rules defined (when installing the FW),
> allows all traffic to pass...
>
> I'm not familiar with Cisco PIX, but is that the same case?
>

No, the Cisco PIX follows the ASA (Adaptive Security Algorithm), meaning that a
connection from a higher security interface to a lower security interface is
always allowed, except when explicitly denied, and a connection from a lower
security interface to a higher security interface is always denied, except when
allowed.

See more in:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/config/overvw.htm

So if you mean by "traffic to pass" the traffic for outbound connections then
the answer is yes. The other way around is no. But you can do

    access-li acl_out permit tcp any any
    access-li acl_out permit udp any any
    access-li acl_out permit icmp any any

and

    access-g acl_out in interface outside

> Regards
>

--
Jose Celestino <[EMAIL PROTECTED]>
---------------------------------
Systems Administration
SAPO.pt - http://www.sapo.pt
---
"No small art is it to sleep: it is necessary for that purpose to keep awake all day."
        -- Nietzsche
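
An added illustration, not part of the original message: a simplified Python model of the default policy described in the reply above and of what binding an ACL with access-group changes (first match wins, implicit deny at the end). The interface levels, addresses and the narrower ACL_NARROW are constructed for the example, and address translation (nat/global/static), which the PIX also requires, is not modeled.

```python
from ipaddress import ip_address, ip_network

# Constructed security levels (usual PIX convention); not from the original post.
LEVELS = {"inside": 100, "dmz": 50, "outside": 0}

# The ACL from the post: any TCP, UDP or ICMP arriving on the outside is permitted.
ACL_POST = [("permit", "tcp", "any", "any", None),
            ("permit", "udp", "any", "any", None),
            ("permit", "icmp", "any", "any", None)]

# Constructed narrower alternative: HTTP to one published host only
# (192.0.2.10 is a documentation address, assumed for the example).
ACL_NARROW = [("permit", "tcp", "any", "192.0.2.10/32", 80)]

def net_match(net, addr):
    """True if addr falls inside net; 'any' matches every address."""
    return net == "any" or ip_address(addr) in ip_network(net)

def evaluate(acl, proto, src, dst, dport=None):
    """Walk the ACL top down; the first matching entry decides."""
    for action, a_proto, a_src, a_dst, a_port in acl:
        if a_proto not in ("ip", proto):
            continue
        if not (net_match(a_src, src) and net_match(a_dst, dst)):
            continue
        if a_port is not None and a_port != dport:
            continue
        return action == "permit"
    return False  # implicit deny at the end of every bound ACL

def allowed(src_if, dst_if, proto, src, dst, dport=None, acls=None):
    """Decide a new connection entering on src_if and leaving on dst_if."""
    acl = (acls or {}).get(src_if)  # models: access-group <acl> in interface <src_if>
    if acl is not None:
        return evaluate(acl, proto, src, dst, dport)
    # No ACL bound to the ingress interface: security levels alone decide.
    return LEVELS[src_if] > LEVELS[dst_if]

if __name__ == "__main__":
    # Constructed flow: SSH from an outside host to the published inside host.
    flow = ("outside", "inside", "tcp", "198.51.100.7", "192.0.2.10", 22)
    print("no ACL bound :", allowed(*flow))
    print("ACL from post:", allowed(*flow, acls={"outside": ACL_POST}))
    print("narrow ACL   :", allowed(*flow, acls={"outside": ACL_NARROW}))
```

With the three permit-any entries bound to the outside interface, the inbound default deny no longer filters TCP, UDP or ICMP at all; the narrower list keeps the default for everything except the one published service.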
