
Mar 24

Clear Established Connections before Implementing a New Restrictive Rule on the Firewall

A firewall does not re-check the rule set for a connection that is already established. This means that if two devices have established a connection through the firewall and you add a Deny rule afterwards, it will not terminate the session already in progress. For the rule to take effect, that connection needs to be terminated, or you can use the following command with one of its variants to clear pre-established connections. Normally servers and PCs terminate and initiate connections as soon as a data transfer is done, but some applications can keep a connection alive for a long time and might never terminate it unless the system is restarted.

ASA5520# clear local-host ?

  Hostname or A.B.C.D     Clear local host information corresponding to this ip
                          address
  Hostname or X:X:X:X::X  Clear local host information corresponding to an IPv6
                          address
  all                     Clear local host information including to-the-box and
                          from-the-box
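As an added illustration (not part of the original post and not Cisco code), the small Python model below mimics a stateful firewall's connection table and shows why a newly added deny rule misses an already established flow until the host's entries are cleared; the addresses and the `clear_local_host` helper are constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int

@dataclass
class Rule:
    action: str          # "permit" or "deny"
    dst: str = "any"     # "any" or one host address
    dport: int = 0       # 0 matches any port

    def matches(self, f: Flow) -> bool:
        return self.dst in ("any", f.dst) and self.dport in (0, f.dport)

@dataclass
class StatefulFirewall:
    rules: list[Rule] = field(default_factory=list)
    conn_table: set[Flow] = field(default_factory=set)

    def process(self, f: Flow) -> str:
        # Established connections match the table first; the rule set is skipped.
        if f in self.conn_table:
            return "permit"
        # New connections: first matching rule wins, default deny.
        for r in self.rules:
            if r.matches(f):
                if r.action == "permit":
                    self.conn_table.add(f)   # start tracking it
                return r.action
        return "deny"

    def clear_local_host(self, host: str) -> int:
        # Like ASA 'clear local-host A.B.C.D': drop tracked connections for host.
        stale = {f for f in self.conn_table if host in (f.src, f.dst)}
        self.conn_table -= stale
        return len(stale)

def demo() -> tuple[str, str, str]:
    # Constructed sample addresses, not from any real network.
    fw = StatefulFirewall([Rule("permit")])          # permissive start
    ssh = Flow("10.0.0.5", "10.0.1.20", 22)
    before = fw.process(ssh)                         # permitted and tracked
    fw.rules.insert(0, Rule("deny", dst="10.0.1.20", dport=22))
    still_open = fw.process(ssh)                     # still permitted
    fw.clear_local_host("10.0.0.5")
    after_clear = fw.process(ssh)                    # now denied
    return before, still_open, after_clear
```

`demo()` returns `("permit", "permit", "deny")`: the middle value is the established session surviving the new deny rule, and only the clear step makes the rule bite.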
