I'm working on a migration from ASA to FortiGate 60E. Currently moving the ACLs.
If there is an ACL like this:
access-list HACK_access_in extended permit object-group DM_INLINE_PROTOCOL_5 X.X.X.X 255.255.255.0 any4
And if I look at the assigned interfaces:
access-group outside_access in interface outside
access-group LAN_access_in in interface LAN
access-group PRIV_access_in in interface PRIV
access-group CloudMgmt_access_in in interface CloudMgmt
access-group CloudExt_access_in in interface CloudExt
access-group dev_network_access_in in interface DevNetwork
access-group dev_network_access_out out interface DevNetwork
access-group Visitor_access_in in interface Visitor
access-group global_access global
It isn't there, so it means that the ACL is not in use? I understand that if you want to apply an ACL on all inbound connections, you use global ACLs, but this isn't one, right? I'm probably having a massive brainfart right now, but I just can't remember this.
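An added example, not part of the original post: a Python check that can be run over an exported ASA configuration during a migration like this one. It reports, per named ACL, its `access-group` bindings and any other line that names it (ASA features such as VPN split tunneling also take an ACL by name), so an ACL with no reference at all stands out. The sample configuration and the token-matching heuristic are constructed assumptions.

```python
import re

# Constructed sample configuration (not from the original post).
SAMPLE_CONFIG = """\
access-list outside_access extended permit tcp any4 host 192.0.2.10 eq 443
access-list LAN_access_in extended permit ip 10.0.0.0 255.255.255.0 any4
access-list HACK_access_in extended permit ip 10.9.9.0 255.255.255.0 any4
access-list VPN_SPLIT standard permit 10.0.0.0 255.255.255.0
access-list global_access extended deny ip any4 any4
access-group outside_access in interface outside
access-group LAN_access_in in interface LAN
access-group global_access global
group-policy GP attributes
 split-tunnel-network-list value VPN_SPLIT
"""

ACL_DEF = re.compile(r"access-list\s+(\S+)\s")
ACCESS_GROUP = re.compile(r"access-group\s+(\S+)\s+(global|in|out)(?:\s+interface\s+(\S+))?")
# "access-list alert-interval" / "deny-flow-max" are global settings, not ACL names.
NOT_ACL_NAMES = {"alert-interval", "deny-flow-max"}


def classify_acls(config):
    """Map each ACL name to the places it is referenced; [] means no reference found."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    acls = {}
    for ln in lines:
        m = ACL_DEF.match(ln)
        if m and m.group(1) not in NOT_ACL_NAMES:
            acls.setdefault(m.group(1), [])
    for ln in lines:
        if ln.startswith("access-list "):
            continue  # an ACL's own entries are not a reference to it
        g = ACCESS_GROUP.match(ln)
        if g:
            if g.group(1) in acls:
                where = "global" if g.group(2) == "global" else f"{g.group(2)} interface {g.group(3)}"
                acls[g.group(1)].append(f"access-group {where}")
            continue
        # Heuristic (assumption): any other line naming the ACL as a token uses it.
        for tok in ln.split():
            if tok in acls:
                acls[tok].append(f"other: {ln}")
    return acls


def unreferenced(config):
    """ACLs with no access-group binding and no other line that names them."""
    return sorted(name for name, refs in classify_acls(config).items() if not refs)


if __name__ == "__main__":
    for name, refs in classify_acls(SAMPLE_CONFIG).items():
        print(f"{name}: {refs or 'no reference found'}")
```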