Cisco ASA 5505 Firewall - Trying to understand implicit rules

Posted on 2010-11-17
Medium Priority
Last Modified: 2012-05-10
A coworker created and later deleted the SMTP exception on the Cisco ASA 5505 firewall shown in the image.  I want to better understand the implicit setting that appears below the SMTP exception.  When he deleted the SMTP exception, it disappeared and the implicit rule disappeared as well.  Does the implicit rule still exist even though it isn't visible?
Question by:jdana
  • 2
  • 2
LVL 43

Accepted Solution

JFrederick29 earned 1000 total points
ID: 34156518
The implicit deny can not be removed.  There is always an implicit "deny ip any any" at the bottom of an access-list.

What ASDM may have done is removed the access-list since you deleted the last rule in the list.

Assisted Solution

jdana earned 0 total points
ID: 34156957

If I understand you correctly, the implicit rule is still in effect even though it isn't visible?

LVL 43

Assisted Solution

JFrederick29 earned 1000 total points
ID: 34157023
As long as an acess-list is bound to the interface, yes.  If there is no access-list, the implicit nature of the Firewall takes place which is to allow all traffic from a higher security interface such as the inside interface to a lower security interface such as the outside.

Author Closing Comment

ID: 34216107

Featured Post

Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

597 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question