ACLs or Firewalls?
If switches are able to check millions of incoming packets per second against ACLs, what
good are firewalls? Put another way, the question is, “What is the difference between an
ACL and a firewall?,” or, “Where can I apply ACLs?” The answer depends on the protection
level you want to provide and the type of attacks you are likely to face. ACLs control which
protocols and/or ports a host can use to reach a target, and that is pretty much it. They are
often referred to as “Layer 3 or Layer 4 ACLs” for that reason. Unlike most firewalls, ACLs
behave in a stateless manner. Incoming traffic is checked against the ACL on a packet-per-packet
basis and either dropped or accepted according to the action that a user chooses. A
stateful firewall, on the other hand, checks incoming traffic against a policy (which is
actually similar in look and structure to an ACL) and creates a connection record if the traffic
is permitted. Subsequent packets that belong to this connection are automatically permitted
without rechecking the ACL. Although this allows for fine reporting and logging (for
example, a firewall makes it possible to provide access and accounting logs on a per-connection
basis), it comes with certain drawbacks.
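The difference between the two behaviours can be seen in a small model. This is an added example, not code from the original text: the rule format, addresses and ports are constructed, the connection record is assumed to be a direction-independent 5-tuple, and no TCP flag or timeout tracking is modelled.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport")
Rule = namedtuple("Rule", "action proto dport")  # simplified Layer 3/4 match

# Constructed policy: permit TCP to port 443; anything else is dropped.
POLICY = [Rule("permit", "tcp", 443)]

def acl_check(policy, pkt):
    """Stateless ACL: every packet is matched on its own, first match wins."""
    for rule in policy:
        if rule.proto == pkt.proto and rule.dport == pkt.dport:
            return rule.action == "permit"
    return False  # implicit deny

class StatefulFirewall:
    def __init__(self, policy):
        self.policy = policy
        self.connections = set()   # connection records
        self.policy_lookups = 0    # how often the policy was consulted

    @staticmethod
    def _key(pkt):
        # Assumption: both directions of a flow map to the same record.
        ends = sorted([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)])
        return (pkt.proto, *ends)

    def check(self, pkt):
        key = self._key(pkt)
        if key in self.connections:
            return True            # known connection: policy not rechecked
        self.policy_lookups += 1
        if acl_check(self.policy, pkt):
            self.connections.add(key)  # create the connection record
            return True
        return False

def demo():
    # Constructed sample traffic.
    out = Packet("tcp", "10.0.0.5", 51000, "192.0.2.10", 443)
    reply = Packet("tcp", "192.0.2.10", 443, "10.0.0.5", 51000)
    stray = Packet("tcp", "192.0.2.99", 443, "10.0.0.5", 51000)
    fw = StatefulFirewall(POLICY)
    stateless = [acl_check(POLICY, p) for p in (out, reply, stray)]
    stateful = [fw.check(p) for p in (out, out, reply, stray)]
    return stateless, stateful, fw.policy_lookups
```

With the stateless ACL the reply is dropped unless a second rule is written for return traffic, whereas the stateful model admits it from the connection record and consults the policy only for the first packet of each flow.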