Gregor Blaj, posted February 13, 2020

Hi, I'm doing a bit of testing with ACLs. With the following ACL in place I would expect the NetScaler not to be able to ping outbound hosts, as return traffic to the NS IP should be blocked.

add ns acl Deny_Mgmt DENY -destIP = 192.168.1.10 -priority 100 -logstate ENABLED -stateful NO

But this isn't the case: return ICMP traffic is not blocked. I then figured the default (not visible) outbound ACL must be stateful (hence allowing return traffic), so I created another non-stateful ACL specifically allowing outbound ICMP from the NS IP.

add ns acl Allow_ICMP -srcIP = 192.168.1.10 -protocol ICMP -priority 110 -logstate ENABLED -stateful NO

I can see hits on the Allow_ICMP ACL, but return ICMP traffic is still allowed. Why would this be? What is allowing the return traffic?

Thanks for any input.