<div>
If I'm understanding your question correctly, you can put an ACL on each interface specifying exactly what you want to let through, and everything else will be denied by default. &nbsp;If you want, you can put an explicit &quot;deny any any&quot; rule at the bottom, although you really don't need to. &nbsp;If you want to log what's being denied, then do &quot;deny any any log&quot;. &nbsp;Make sure you apply the ACLs on each interface with the access-group command. &nbsp;Just be aware that's going to change the default behavior of permitting traffic from a more trusted interface if it's going out a less trusted interface; if you put an ACL on the inside interface, you will have to explicitly allow everything you want to go out.
</div>


If I'm understanding your question correctly, you can put an ACL on each interface specifying exactly what you want to let through, and everything else will be denied by default.  If you want, you can put an explicit "deny any any" rule at the bottom, although you really don't need to.  If you want to log what's being denied, then do "deny any any log".  Make sure you apply the ACLs on each interface with the access-group command.  Just be aware that's going to change the default behavior of permitting traffic from a more trusted interface if it's going out a less trusted interface; if you put an ACL on the inside interface, you will have to explicitly allow everything you want to go out.

<div>
Thanks, but I'm looking for a routing command. &nbsp;<br />
Something like &nbsp; &nbsp; ip route 192.168.0.0 255.255.0.0 Null0<br />
I know it works on a router, but does it work on an ASA?<br />
Regards,
</div>


Thanks, but I'm looking for a routing command.  
Something like     ip route 192.168.0.0 255.255.0.0 Null0
I know it works on a router, but does it work on an ASA?
Regards,

<div>
<div class="content wysiwyg-content">
I would like to force all traffic that I don't specifically want into the bit bucket. &nbsp; I understand that's what ACE do, but I'd like it on the route statement as well. &nbsp;Routers can do this easly, but can't find anything for the ASA.
</div>
</div>


I would like to force all traffic that I don't specifically want into the bit bucket.   I understand that's what ACE do, but I'd like it on the route statement as well.  Routers can do this easly, but can't find anything for the ASA.

ASA Null route?

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.

Hardware Firewalls

Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.