Refer to this link regarding the Global ACL in a Cisco ASA firewall and below are some its caveats.
Global access policies are network policies that are applied to all the interfaces on an ASA. These policies are only applied to inbound network traffic. You can create a global access policy to ensure that a set of rules is applied uniformly to all the interfaces on an ASA.
Only one global access policy can be configured on an ASA. However, a global access policy can have more than one rule assigned to it, just like any other policy.
This is the order of rule-processing on the ASA:
- Interface access rules
- Bridge Virtual Interface (BVI) access rules
- Global access rules
- Implicit deny rules
ciscoasa(config)# access-list MY_GLOBAL_ACL extended permit ip any any
ciscoasa(config)# access-group MY_GLOBAL_ACL ?
configure mode commands/options:
global For traffic on all interfaces
in For input traffic
out For output traffic
<cr>
ciscoasa(config)# access-group MY_GLOBAL_ACL global
