Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 332
  • Last Modified:

Possible bug in 8.0.(3)

We did some testing and applied an ACL, in on our inside interface. It was a deny ip any any
This worked to stop new sessions from going out, but existing sessions were NOT terminated.

They didn't terminate until I went in and did a "clear xlate"

Is this a bug? I seem to remember apply outbound policies before, and it took control right away

This is a pix 515e
0
dissolved
Asked:
dissolved
1 Solution
 
JFrederick29Commented:
I did come across that at one point.  I believe that is normal operation.  Using the clear xlate after applying the access-list would be the correct way to terminate existing connections.  I'm sure it has to do with efficiency.  Once the connection has been established (passed ACL and other checks), the PIX doesn't have to check every packet through the same filters for that connection.
0
 
dissolvedAuthor Commented:
makes sense, thanks
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now