@Adam-Tyler said in Router ACL vs Firewall ACL?:
Going through the CCENT and CCNA courses I am playing a lot with ACLs. One thing that twists my brain a little bit is the concept of reflexive, or sometimes called stateful, ACLs/firewall rules... On a standard ISR is it correct that you have zero option to support return traffic automatically? This isn't supported until you get to a firewall?
There isn't a special license you can unlock on a router or anything? Any other exceptions or notes regarding this and support through firewalls, routers, and layer 3 switches?
You can implement the Cisco IOS Firewall from the Cisco IOS. You probably have to have the Security license on 15.x; on the older 12.x you may have to look for the 12.x T train to have the firewall feature. This is a full stateful firewall.
Also, not every router will support the feature set either. Cisco ISR (800, 1800, 2800 and 3800), Cisco 7200 and 7301 and others. You can do a Google search on all the models that support it.
You'll also need to get access to Cisco Configuration Professional (CCP) that runs on Java.