Determining When to Configure Access Lists

To provide the security benefits of ACLs, you should, at a minimum, configure ACLs on border routers, which are routers situated at the edges of your networks. This setup provides a basic buffer from the outside network or from a less-controlled area of your own network into a more sensitive area of your network.

You can configure ACLs to filter inbound traffic, outbound traffic, or both on an interface. ACLs must be defined on a per-protocol basis. In other words, if you want to control traffic flow for a protocol, you must define an ACL for that protocol, and you should do so for every protocol enabled on the interface.
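
One way to check the per-protocol rule above is to audit a saved configuration for interfaces where a protocol is enabled but no ACL is bound in a given direction. This is an added example, not part of the original page; it assumes Cisco IOS-style interface commands (`ip access-group`, `ipv6 traffic-filter`), uses IPv4 and IPv6 as the two protocols, and runs on a constructed sample configuration with made-up ACL names.

```python
import re

# Constructed sample running-config (not from the original page).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.252
 ipv6 address 2001:db8:0:1::1/64
 ip access-group EDGE-V4-IN in
!
interface GigabitEthernet0/1
 ip address 10.0.0.1 255.255.255.0
 ip access-group INSIDE-V4-IN in
 ip access-group INSIDE-V4-OUT out
!
interface GigabitEthernet0/2
 ip address 192.0.2.1 255.255.255.0
 ipv6 address 2001:db8:0:2::1/64
 ip access-group DMZ-V4-IN in
 ipv6 traffic-filter DMZ-V6-IN in
"""

# Per protocol: (line that shows it is enabled, line that binds an ACL to a direction).
PROTOCOLS = {
    "ipv4": (re.compile(r"^ip address \S+"), re.compile(r"^ip access-group (\S+) (in|out)$")),
    "ipv6": (re.compile(r"^ipv6 (?:address \S+|enable)"), re.compile(r"^ipv6 traffic-filter (\S+) (in|out)$")),
}

def parse_interfaces(config):
    """Split a config into {interface name: [stripped sub-command lines]}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any global command ends the interface block
    return interfaces

def audit(config, direction="in"):
    """Return sorted (interface, protocol) pairs enabled without an ACL in `direction`."""
    gaps = []
    for name, lines in parse_interfaces(config).items():
        for proto, (enabled_re, acl_re) in PROTOCOLS.items():
            enabled = any(enabled_re.match(l) for l in lines)
            bound = {m.group(2) for l in lines if (m := acl_re.match(l))}
            if enabled and direction not in bound:
                gaps.append((name, proto))
    return sorted(gaps)
```

On the sample, `audit(SAMPLE_CONFIG)` flags only the border interface GigabitEthernet0/0 for IPv6: its IPv4 ACL does nothing for the second protocol enabled on the same interface.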

