We have an ASA5520 which connects our offices to a larger corporate WAN which we deem as hostile. We've always allowed traffic to flow off our network and onto the corporate network without any controls; however, following a recent virus outbreak (which flooded the corporate network with ICMP!) we've been told by our corporate IT Team that we must now restrict outbound traffic.
This is fair enough and to be honest it's something we should have done a long time ago. Because we control inbound traffic via ACLs we know what traffic is allowed in; however, as we've never controlled outbound traffic before, I'd like to get an idea of what traffic is heading onto the corporate WAN before I remove the outbound "permit any any" and replace it with more specific ACLs.
My initial plan was to place a probe on the outside of the firewall for around a month to monitor outbound traffic so we can use this info to come up with an appropriate set of rules. I guess this will also highlight any illegitimate traffic which we can block.
I then wondered if the ASA has any ASDM tools or CLI options that could help with this?
I'd be interested to hear from anyone who's done something similar or knows of any tools (particularly free/shareware) that could help.
Any help gratefully received.