Network ACLs

A deep dive into Network ACL - Practical ver.

Before getting started

Things that can control the network besides firewalls

  • Routing Table

    • Decides where a packet is forwarded (the next hop), not whether it is allowed

  • Network ACL

    • Forwards or drops packets based on a list of rules

What are Network ACLs?

  • Rules that determine whether specific packets are allowed or denied at the subnet boundary

  • Configured rules apply to every resource in the subnet, so the rule set should stay small

    • Every instance in the subnet is subject to the same Network ACL

      • Therefore, Network ACLs must be well designed

        • Why? Even if the firewall (the Security Group, SG) is configured correctly, traffic can still be blocked by a Deny rule in the Network ACL. Unlike a SG, a Network ACL is stateless, so return traffic is not admitted automatically and needs its own rule

  • The more Network ACL rules there are, the harder it becomes to reason about the firewall configuration, so keep Network ACL rules as concise as possible

    • If the firewall (SG) settings are done properly, you usually don't need to configure a separate Network ACL: the default Network ACL allows all traffic in both directions, so leaving it alone means the SG alone decides

Rule number in Network ACLs

  • Network ACL rules have priorities

    • Rules are evaluated in ascending order of rule number (lowest first); the first rule that matches the packet decides, and later rules are not checked

      • So a Deny with a lower number wins over an Allow with a higher number, and vice versa

    • If no numbered rule matches, the final "*" rule denies the packet
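The two points above, that a Network ACL Deny blocks traffic a Security Group would allow, and that rules are evaluated by rule number with first match winning, can be seen in a small simulation. This is an added example written for this page, not AWS code or code from the original author; the rule and packet classes, the flat allow-list model of a Security Group, and the sample CIDRs and rule numbers are all assumptions constructed for illustration.

```python
"""Simulation of AWS-style Network ACL evaluation (added example, not AWS code).

Assumptions (not from the original page): rules are plain dataclasses, a
Security Group is a flat allow-only list, and the implicit final "*" rule is
reported as the string "*" in the result.
"""
import ipaddress
from dataclasses import dataclass
from typing import Tuple, Union


@dataclass(frozen=True)
class NaclRule:
    number: int        # rule number; lower numbers are evaluated first
    action: str        # "allow" or "deny"
    protocol: str      # "tcp", "udp", "icmp" or "all"
    port_from: int     # inclusive destination port range; ignored when protocol == "all"
    port_to: int
    cidr: str          # source CIDR for an inbound rule


@dataclass(frozen=True)
class SgRule:
    protocol: str
    port_from: int
    port_to: int
    cidr: str


@dataclass(frozen=True)
class Packet:
    protocol: str
    src_ip: str
    dst_port: int


def _matches(protocol: str, port_from: int, port_to: int, cidr: str, pkt: Packet) -> bool:
    if ipaddress.ip_address(pkt.src_ip) not in ipaddress.ip_network(cidr, strict=False):
        return False
    if protocol == "all":
        return True
    return protocol == pkt.protocol and port_from <= pkt.dst_port <= port_to


def evaluate_nacl(rules, pkt: Packet) -> Tuple[str, Union[int, str]]:
    """First matching rule in ascending rule-number order wins; "*" denies the rest."""
    for rule in sorted(rules, key=lambda r: r.number):
        if _matches(rule.protocol, rule.port_from, rule.port_to, rule.cidr, pkt):
            return rule.action, rule.number
    return "deny", "*"


def sg_allows(rules, pkt: Packet) -> bool:
    """Security Groups are allow-only; any matching rule admits the packet."""
    return any(_matches(r.protocol, r.port_from, r.port_to, r.cidr, pkt) for r in rules)


def reachable(sg_rules, nacl_rules, pkt: Packet) -> bool:
    """Inbound traffic must pass the subnet NACL first, then the instance SG."""
    action, _ = evaluate_nacl(nacl_rules, pkt)
    return action == "allow" and sg_allows(sg_rules, pkt)


def renumber(rules, old: int, new: int):
    """Return a copy of the rule set with one rule given a different number."""
    return [NaclRule(new if r.number == old else r.number, r.action, r.protocol,
                     r.port_from, r.port_to, r.cidr) for r in rules]


# Constructed sample configuration (RFC 5737 documentation addresses).
NACL_RULES = [
    NaclRule(100, "deny", "tcp", 22, 22, "203.0.113.0/24"),  # block SSH from one range
    NaclRule(200, "allow", "tcp", 22, 22, "0.0.0.0/0"),
    NaclRule(300, "allow", "tcp", 443, 443, "0.0.0.0/0"),
]
SG_RULES = [SgRule("tcp", 22, 22, "0.0.0.0/0"), SgRule("tcp", 443, 443, "0.0.0.0/0")]


if __name__ == "__main__":
    blocked = Packet("tcp", "203.0.113.5", 22)
    ok = Packet("tcp", "198.51.100.7", 22)
    # SG allows SSH from anywhere, but NACL rule 100 denies it first.
    print(evaluate_nacl(NACL_RULES, blocked), reachable(SG_RULES, NACL_RULES, blocked))
    print(evaluate_nacl(NACL_RULES, ok), reachable(SG_RULES, NACL_RULES, ok))
    # Renumbering the deny to 250 puts it after the allow at 200,
    # so the same packet now matches rule 200 and gets in.
    print(evaluate_nacl(renumber(NACL_RULES, 100, 250), blocked))
```

The `renumber` call shows why the rule number matters more than the rule itself: the same Deny rule is harmless once an Allow with a smaller number matches first, which is exactly the kind of mistake a large NACL rule set makes easy to miss.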

Network ACLs and Well Known Ports
