Hi,
I come from the ASA side of firewalls. Have a few questions.
1- In the ASA ACL you would have an implicit Deny any any at the end of the ACL. That would block all traffic not explicitly permitted in the ACL. Best practice would be to enter it as an ACE at the last position with the log option.
Is this the same with the ACP on the FTD?
2- With just configuring NAT on the ASA, the traffic from the higher security level can pass to the lower security level (e.g. inside (100), outside (0)).
On the FTD I notice that the security levels are all level 0 and there is no place to change this.
Do we have to explicitly permit outgoing traffic before the deny?
Thanks,