I'm working on an assignment for class in which I have to define rules in a firewall configuration. One of the requirements is to allow users on the internal network to be able to "browse the web". Would I need to limit what ports they can access like HTTP or HTTPS or is this usually left wide open?
All outbound traffic, i.e., traffic originating from a higher security-level interface destined to a lower security-level interface, is left wide open. However, if required, you can limit it to only web access. For that you can apply an access-list on the inside interface and only open the following ports:
53 (udp) - for DNS
80 (tcp) - for HTTP
443 (tcp) - for HTTPS
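A constructed example of what that inside-interface access-list could look like on a Cisco ASA (8.3+ syntax); this is an added illustration, not part of the answer above. The interface names `inside`/`outside`, the subnet 192.168.10.0/24 and the ACL name are assumptions; it also permits TCP 53 alongside UDP 53, since resolvers fall back to TCP for large DNS responses.

```text
! Constructed example. Assumed: "inside" is security-level 100, "outside" is 0,
! and 192.168.10.0/24 is the internal client network.
object-group service WEB-OUT
 service-object udp destination eq domain
 service-object tcp destination eq domain
 service-object tcp destination eq www
 service-object tcp destination eq https
!
! Only DNS, HTTP and HTTPS from the inside network; everything else is denied and logged.
access-list INSIDE_IN extended permit object-group WEB-OUT 192.168.10.0 255.255.255.0 any
access-list INSIDE_IN extended deny ip any any log
!
! Bind the ACL to traffic entering the inside interface (i.e. outbound from the LAN).
access-group INSIDE_IN in interface inside
```

Once an ACL is bound to the inside interface, the default higher-to-lower permit no longer applies, so any other outbound service the network relies on (NTP, mail, software updates) must be added explicitly or it will be dropped.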