I have a router with a pretty complex ACL structure serving as our internet firewall (using CBAC, I think it's called). I need to troubleshoot FTP access for clients on my network trying to connect to servers on the internet.
My normal method of troubleshooting a thing like this is to SSH to the firewall router and issue a term mon command, then have the user try to do whatever it is we're troubleshooting. Usually that'll show me something being denied and make it easy to figure out how to fix it. But when I do this for the current issue, I don't see any denies; the FTP client just fails to connect, from multiple clients on multiple subnets.
I'm wondering: if the reason a client is being denied is just the implied "deny any" at the end of my outbound ACL, will I see a deny in my term mon output or syslog output, or not?