Limiting web access.

Answered Question
Feb 14th, 2007

I'm working on an assignment for class in which I have to define rules in a firewall configuration. One of the requirements is to allow users on the internal network to be able to "browse the web". Would I need to limit what ports they can access like HTTP or HTTPS or is this usually left wide open?

Correct Answer by vitripat about 9 years 7 months ago

All outbound traffic, i.e., traffic originating from a higher security-level interface destined to a lower security-level interface, is left wide open. However, if required, you can limit it to only web access. For that you can apply an access-list on the inside interface and only open the following ports:

53 (udp) - for DNS

80 (tcp) - for HTTP

443 (tcp) - for HTTPS

Overall Rating: 5 (1 ratings)
vitripat Wed, 02/14/2007 - 16:43

All outbound traffic, i.e, traffic originating from a higher security-level interface destined to a lower security-level interface, is left wide open. However, if required, you can limit it to only web access. For that you can apply a access-list on the inside interface and only open following ports-

53 (udp) - for DNS

80 (tcp) - for HTTP

443 (tcp) - for HTTPS

Actions

This Discussion
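The access-list described in the answer, written out as an added example that is not part of the original thread. It assumes a Cisco PIX/ASA-style firewall (the thread does not name the device; the "security-level" wording suggests one); the ACL name INSIDE_WEB_ONLY, the interface name inside and the subnet 192.168.1.0/24 are placeholders.

```text
! Default behaviour (no ACL bound to the inside interface):
! traffic from the higher security-level interface to a lower one is
! permitted on every port, which is the "wide open" case in the answer.

! Restricted policy: only DNS, HTTP and HTTPS may leave the inside network.
access-list INSIDE_WEB_ONLY remark Outbound web browsing only
access-list INSIDE_WEB_ONLY extended permit udp 192.168.1.0 255.255.255.0 any eq domain
access-list INSIDE_WEB_ONLY extended permit tcp 192.168.1.0 255.255.255.0 any eq www
access-list INSIDE_WEB_ONLY extended permit tcp 192.168.1.0 255.255.255.0 any eq https

! Not in the answer's port list: DNS falls back to TCP 53 for large
! responses. Uncomment only if resolution problems show up.
! access-list INSIDE_WEB_ONLY extended permit tcp 192.168.1.0 255.255.255.0 any eq domain

! An ACL ends with an implicit "deny ip any any". Writing the deny out
! with "log" records what the policy blocks, which helps when users
! report that something has stopped working.
access-list INSIDE_WEB_ONLY extended deny ip any any log

! Bind the ACL to traffic entering the firewall on the inside interface.
access-group INSIDE_WEB_ONLY in interface inside

! Check: "show access-list INSIDE_WEB_ONLY" prints a hit counter per line,
! so you can confirm the permits match and see how often the deny fires.
```

Once an access-list is bound to the inside interface, the security-level default no longer applies to traffic entering there: anything the list does not permit is dropped.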