[c-nsp] What's the value of ASA/FWSM TCP state bypass?
Peter Rathlev
peter at rathlev.dk
Tue Nov 10 16:26:10 EST 2009
On Tue, 2009-11-10 at 10:44 -0600, James Slepicka wrote:
> Just keep in mind that traffic through the firewalls usually* needs to
> be symmetric. Be sure to account for that in your design.
>
> *
> https://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_tcpstatebypass.html
I've read about this, but I fail to see what the point is. If the
firewall doesn't do stateful inspection, then why use a firewall? Why
not just a router/switch with L4 ACLs?
What am I missing?
--
Peter
More information about the cisco-nsp
mailing list