This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
Reflexive ACL's are available on fvery few platforms only, e.g. Cisco IOS, but not on Cisco NX-OS (on switches worth then thousands of USD!!! Was told it's a hardware limitation - so you see the importance). Huawei might have something similar on their managed switches.
Definitivley not a feature available on the level of Smart Managed Pro (Web managed) switches.
Reflective filter filters outgoing data packets. If it intercepts a packet that initiates a new session, then, in the opposite direction, it generates a temporary filter item that allows the same packets to pass through session in the opposite direction. The temporary filter entry retrieves its parameters from the outgoing packet:
- The higher layer protocol is the same as the outgoing packet. - The sender's and recipient's IP addresses are switched in the temporary filter entry because of an incoming packet will have these items switched. - The sender and receiver ports are also swapped. (Ports only apply to packets carrying TCP or UDP.)
The temporary item is maintained for the duration of the session. For TCP, it is maintained for 5 seconds after passing the second flagged FIN packet or terminating after passing the flagged packet RST (reject connection). This tactic can only be applied to TCP that establishes a connection. Generally, the "timeout" keyword is used to set the interval after which the timeout period is set deletes the temporary filter entry if the session has been idle for that time.
Reflexive ACL's are available on fvery few platforms only, e.g. Cisco IOS, but not on Cisco NX-OS (on switches worth then thousands of USD!!! Was told it's a hardware limitation - so you see the importance). Huawei might have something similar on their managed switches.
Definitivley not a feature available on the level of Smart Managed Pro (Web managed) switches.
