08-03-2007 05:54 AM - edited 03-11-2019 03:53 AM
So I'm going to be running a PIX 501 with two web servers. In order to make it as secure as possible I'm doing port forwarding (from a router), through the PIX, to the web server. Now here is where I need help... Do I have to create ACLs for each and every port to make it secure? What is the best way to go about doing this, because I don't want to open up too much.
Thanks
08-04-2007 09:44 AM
I am not sure why you need to do it twice. Let's just say if your web server is in the Inside zone with an IP address of 192.168.1.10 and the public IP is 200.200.200.1, this is what you need to do.
!
static (inside,outside) tcp 200.200.200.1 www 192.168.1.10 www netmask 255.255.255.255
!
access-list outside_in extended permit tcp any host 200.200.200.1 eq www
!
access-group outside_in in interface outside
!
This should help you out. Do the same for the second server.
-Hoogen
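The answer above pairs one static port forward with one ACL permit. As an added example that is not part of the original post, this Python audit checks that pairing in a saved config, flagging inbound permits broader than one host and port and forwards that have no specific permit. The second server's addresses, the `permit tcp any any` line and the finding names are constructed for illustration.

```python
# Constructed sample: the three lines from the answer plus two hypothetical
# lines (a second server, an overly broad permit) to exercise the checks.
SAMPLE = """\
static (inside,outside) tcp 200.200.200.1 www 192.168.1.10 www netmask 255.255.255.255
static (inside,outside) tcp 200.200.200.2 www 192.168.1.11 www netmask 255.255.255.255
access-list outside_in extended permit tcp any host 200.200.200.1 eq www
access-list outside_in extended permit tcp any any
access-group outside_in in interface outside
"""

def _addr(tok):
    """Consume one address spec from tok: 'any', 'host A' or 'A MASK'."""
    first = tok.pop(0)
    if first == "any":
        return first
    return tok.pop(0) if first == "host" else first + " " + tok.pop(0)

def audit(config, iface="outside"):
    """Return sorted (finding, detail) pairs for ACLs applied inbound on iface."""
    statics, permits, bound = set(), [], set()
    for line in config.splitlines():
        tok = line.split()
        if len(tok) > 4 and tok[0] == "static" and tok[2] in ("tcp", "udp"):
            statics.add((tok[2], tok[3], tok[4]))  # proto, public IP, public port
        elif tok[:1] == ["access-group"] and tok[2:] == ["in", "interface", iface]:
            bound.add(tok[1])
        elif tok[:1] == ["access-list"]:
            rest = [t for t in tok[2:] if t != "extended"]  # keyword is optional here
            if rest[:1] != ["permit"]:
                continue
            proto, rest = rest[1], rest[2:]
            _addr(rest)  # source address: parsed but not judged here
            dst = _addr(rest)
            port = rest[1] if rest[:1] == ["eq"] else None
            permits.append((tok[1], proto, dst, port))
    findings, covered = [], set()
    for name, proto, dst, port in (p for p in permits if p[0] in bound):
        if dst == "any" or " " in dst or port is None:
            findings.append(("broad-permit", f"{name}: {proto} to {dst}"))
        elif (proto, dst, port) in statics:
            covered.add((proto, dst, port))
        else:
            findings.append(("permit-without-static", f"{proto} {dst} {port}"))
    for fwd in sorted(statics - covered):
        findings.append(("no-specific-permit", " ".join(fwd)))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Port names are compared as written, so `80` and `www` are treated as different values; keep the static and the ACL entry in the same form.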
08-05-2007 03:08 PM
See, one way you can implement security on the web server:
1) You must PATCH the server before you take it live.
2) You must harden the server. (See the web server hardening procedure.)
3) You must have password of mean .. web admin.
4) After that you need an access-list. Use the FIXUP command to change the port number from the default.
Regards,
Dharmesh Purohit
08-05-2007 03:16 PM
Also see, for best practices of IIS security:
Page NO 90
Regards,
Dharmesh Purohit