my profile | register | search | faq | forum home

» Security Internetworking Experts   » Security   » CCIE Security Lab Forum   » service policy global or intrerface

UBBFriend: Email this page to someone!

Author Topic: service policy global or intrerface Vortex77 Jr Member Member # 30497 posted June 05, 2012 10:27 PM                    When configuring MPF on ASA to prevent inside users from accessing a specific website, do we have to apply the policy map on the inside interface , or under the global policy. What difference does it make? And in the exam, how do you know what Cisco wants, as i guess if you apply it globally or on the inside interface , it works. Posts: 10 | From: Bangalore | Registered: Jan 2011  |  IP: Logged ccietobe9 Member Member # 31901 Rate Member posted June 06, 2012 07:10 AM                    This kind of request would be applied to the interface where the request is entering the ASA firewall. If the users are initiating traffic from inside interface then it needs to be applied on the inside interface. Like website is hosted on the internet lets say cisco.com, and users from inside are accessing it, then to I would apply on the inside interface. When in doubt, proctor can answer these kind of questions. Posts: 37 | From: US | Registered: Jan 2012  |  IP: Logged futbolking83 Guru Member # 31103 Rate Member posted June 21, 2012 08:22 AM                    global policy is applied to all interface in the ingress and a service policy on a specific interface has bidirectional inspection.... Posts: 109 | From: NoVa | Registered: Jul 2011  |  IP: Logged

All times are Eastern Time

Printer-friendly view of this topic

Hop To: Select a Forum: Category: Security -------------------- CCIE Security Lab Forum CCIE Security Written Forum I passed my CCIE Lab!!! Other Cisco Security Certification Category: Private Class Forum -------------------- 12/13/10 - 12/17/10 - CCIE Security Mock Lab Boot Camp

Contact Us | Security Internetworking Experts