sims
Explorer II
August 10, 2020
Solved

Policy direction

Hi, Interface1 interface2

I have created a policy where the source is interface 1 and the destination is interface 2.

Why do I have to create a policy in the reverse direction (I mean source is interface 2 and destination is interface 1)?

Thanks

 

    Best answer by James_G

    James_G (Answer)
    New Member
    August 10, 2020

    sims wrote:

        Why do I have to create a policy in the reverse direction (I mean source is interface 2 and destination is interface 1)?

    Umm, you don't, unless you have sessions starting from interface 2.

    Too little info here to help.

    sims (Author)
    Explorer II
    August 12, 2020

    Hi,

    Sorry for the confusion.

    My question was this: client A from VLAN100 is accessing 443 on server A, which is in VLAN 101.

    In that case, do I need a reverse policy from VLAN 101 to VLAN 100?

    Sorry for my English.

    Thanks

    lobstercreed
    New Member
    August 12, 2020

    Of course not, as James said.  Unless the server A in VLAN 101 initiates connections to client A in VLAN 100, no policy in the reverse direction would be needed.  That's one of the most basic things that should be understood about stateful firewalls. 

     

    If you're defining stateless ACLs (like on a Cisco switch or something) then you need all that reverse stuff, but the whole point of firewalls is that they are far superior to that.
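
The difference the replies describe, as an added example that is not part of the original thread: a simplified model in which one forward policy (VLAN100 to VLAN101, TCP/443) is evaluated by a stateless ACL and by a stateful firewall with a session table. The IP addresses, ports and all class and function names are constructed for illustration, and the model ignores TCP flags and session timeouts that a real firewall tracks.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_zone: str
    dst_zone: str
    src: tuple          # (ip, port)
    dst: tuple          # (ip, port)
    proto: str = "tcp"

# The only rule configured: client VLAN -> server VLAN on TCP/443 (thread's scenario).
POLICIES = [("VLAN100", "VLAN101", "tcp", 443)]

def policy_match(pkt):
    """True if the packet, judged on its own, matches a configured policy."""
    return (pkt.src_zone, pkt.dst_zone, pkt.proto, pkt.dst[1]) in POLICIES

def stateless_acl(pkt):
    """Stateless filter: every packet is checked against the rules in isolation."""
    return policy_match(pkt)

class StatefulFirewall:
    """Policy is consulted only for the first packet; later packets hit the session table."""
    def __init__(self):
        self.sessions = set()

    def handle(self, pkt):
        forward = (pkt.proto, pkt.src, pkt.dst)
        reverse = (pkt.proto, pkt.dst, pkt.src)
        if forward in self.sessions or reverse in self.sessions:
            return True                  # part of an already permitted session
        if policy_match(pkt):
            self.sessions.add(forward)   # new session opened by the initiator
            return True
        return False                     # no session and no policy: dropped

# Constructed sample traffic.
CLIENT, SERVER = ("10.0.100.10", 51514), ("10.0.101.20", 443)
REQUEST = Packet("VLAN100", "VLAN101", CLIENT, SERVER)
REPLY = Packet("VLAN101", "VLAN100", SERVER, CLIENT)
SERVER_INITIATED = Packet("VLAN101", "VLAN100", ("10.0.101.20", 40000), ("10.0.100.10", 445))

if __name__ == "__main__":
    fw = StatefulFirewall()
    for name, pkt in [("request", REQUEST), ("reply", REPLY), ("server-initiated", SERVER_INITIATED)]:
        print(f"{name:17} stateless={stateless_acl(pkt)!s:5} stateful={fw.handle(pkt)}")
```

The stateless filter drops the reply unless a reverse rule exists, while the stateful model passes it through the session table and still drops the connection the server tries to initiate.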