Subnet/NACL relation

Can there be a NACL without any subnet attached to it ? If that's the case what is the use of NACL in that case as the whole purpose is adding an extra layer of security ?
  • post-author-pic
    Phil Z

    Yes, you can have an NACL without any subnets associate with it, but the NACL will not have an effect on any subnets in that case. The NACL is a resource that defines behaviors (network rules), and the subnet is a piece of the network that those rules apply to. It wouldn't make much sense to create an NACL without the intention to define a subnet, but you might create two different NACLs, and switch them on and off of the same subnet while you're testing network security, for example. You can also store multiple NACLs without applying them in case you want to create a new rule but want to easily revert back to the previous one (by applying it again). In short, NACLs provide a way to organize and manage network rules, as well as define the rules themselves. Hope that helps!

Looking For Team Training?

Learn More