How to represent all public IPs in a PIX/ASA/FWSM config

Unanswered Question
Apr 13th, 2009

I have a question about creating a rulebase for my FWSMs. We have certain subnets behind a FWSM interface that need to have outbound http access restricted so that they can reach public IPs, but not most of the private ranges.

I come from a Checkpoint background where you did this by putting all your internal nets in a group and then 'negating' that group in the policy to represent public or 'non-internal' nets. Can I do this in ASDM or CSM without having to list all the public IP ranges?

Any ideas or suggestions?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion