Firewall ACL Bypass

Before the implementation of the Firewall ACL Bypass feature, a packet was subject to processing for three searches (inbound ACL, outbound ACL, and the session table of the firewall). As discussed earlier, the dynamic ACL entry is a result of the corresponding connection information found in the session table that validates the session as being legitimate; therefore, checking the packet against the inbound and outbound ACL entries was deemed redundant and no longer necessary. The extra checks can be dropped to save CPU cycles. Bypassing the ACL check subjects the packet to one search only (the session table) during the packet processing path through the router. Figure 5-6 shows how this works. The primary benefit of this feature is that packet throughput performance is improved by about 10%.

Figure 5-6. Firewall ACL Bypass—Order of Packet Processing
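
The lookup order described above can be modelled in a few lines of Python. This is an added example, not IOS code or code from the original text; the `Router` class, the sample addresses, and the way packets with no session fall through to the ACLs are assumptions of the model.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport")

def flow_key(p):
    # Direction-independent key, so return traffic matches the outbound flow.
    return (p.proto,) + tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))

def acl_search(acl, p):
    # First match wins; falling off the end is the implicit deny.
    for action, predicate in acl:
        if predicate(p):
            return action == "permit"
    return False

class Router:
    def __init__(self, inbound_acl, outbound_acl, bypass):
        self.inbound, self.outbound, self.bypass = inbound_acl, outbound_acl, bypass
        self.sessions = set()  # the firewall session table

    def _with_dynamic(self, acl):
        # Pre-bypass: each session is mirrored as a dynamic permit ahead of the static entries.
        return [("permit", lambda p: flow_key(p) in self.sessions)] + acl

    def process(self, p):
        """Return (forwarded, searches) for one packet."""
        if self.bypass:
            if flow_key(p) in self.sessions:
                return True, 1  # session table only, both ACL searches skipped
            searches, inbound, outbound = 1, self.inbound, self.outbound
        else:
            searches, inbound, outbound = 0, self._with_dynamic(self.inbound), self._with_dynamic(self.outbound)
        for acl in (inbound, outbound):
            searches += 1
            if not acl_search(acl, p):
                return False, searches
        if not self.bypass:
            searches += 1  # the older path also consults the session table
        return True, searches

# Constructed sample traffic (documentation address ranges).
SYN = Packet("tcp", "192.0.2.10", 40000, "198.51.100.5", 443)
REPLY = Packet("tcp", "198.51.100.5", 443, "192.0.2.10", 40000)
STRAY = Packet("tcp", "203.0.113.9", 443, "192.0.2.10", 40001)

def run(bypass):
    r = Router(inbound_acl=[], outbound_acl=[("permit", lambda p: True)], bypass=bypass)
    r.sessions.add(flow_key(SYN))  # inspecting the outbound SYN records the flow
    return r.process(REPLY), r.process(STRAY)
```

In this model the reply to an inspected connection costs three searches without the bypass and one with it, while the unsolicited packet is dropped in both modes.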

Because the firewall ACL bypassing is performed by default, you can configure CBAC inspection as normal. This feature is transparent to the user, and no additional commands are required to enable or disable it.

This feature was introduced in IOS Version 12.3(4)T.