[c-nsp] What's the value of ASA/FWSM TCP state bypass?

Peter Rathlev peter at rathlev.dk
Tue Nov 10 16:26:10 EST 2009


On Tue, 2009-11-10 at 10:44 -0600, James Slepicka wrote: 
> Just keep in mind that traffic through the firewalls usually* needs to
> be symmetric.  Be sure to account for that in your design.
> 
> * 
> https://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_tcpstatebypass.html

I've read about this, but I fail to see what the point is. If the
firewall doesn't do stateful inspection, then why use a firewall? Why
not just a router/switch with L4 ACLs?

What am I missing?

-- 
Peter



