ASA- Open certain outgoing ports on Any to Any

Mokhalil82
Level 4

Hi

We have an ASA firewall in the data centre and certain ports are open to everyone going out. So any to any on the outbound on ports like 80, 443, 8443, 22, 23.

We have a big business with over 400 branches so this seemed like a good idea. 

My question is, is this safe in terms of security as our manager has highlighted this as a security concern.

Accepted Solutions

Marvin Rhoads
Hall of Fame

Well, if you don't allow 80 and 443 then nobody can use the Internet. If you're OK with that then block them.

8443 is less commonly used but is an SSL/TLS alternative port.

22 (ssh and sftp) could be blocked except for sites with a business need and then to authorized users.

23 (telnet) should not generally be used. It is insecure.

In addition to the above thoughts, a better approach is to allow ports (especially the 80 and 443) but layer some security in for web and filtering and DNS intelligence. Like Cisco FirePOWER which can analyze URLs to enforce your acceptable use policy and analyze file transfers to block malware. Like Cisco Umbrella (formerly OpenDNS) to block DNS lookups to suspicious domains and known bad sites.
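
One way to check an ASA rule set against the port-by-port advice in the answer above, as an added example (not code from the thread or from Cisco): it parses `access-list ... extended permit tcp` lines and reports any-to-any permits on the five ports from the question. The ACL name, addresses and object-group name in the sample are constructed, and the action labels are this example's own shorthand.

```python
# Added example: audit ASA ACL lines for any-to-any TCP permits on the ports
# discussed in the thread. The sample config below is constructed.

# ASA prints some well-known ports by name in the running config.
PORT_NAMES = {"www": 80, "https": 443, "ssh": 22, "telnet": 23}

# Port-by-port guidance, paraphrased from the accepted answer.
ADVICE = {
    80: ("keep+filter", "needed for Internet access; add URL/file/DNS filtering"),
    443: ("keep+filter", "needed for Internet access; add URL/file/DNS filtering"),
    8443: ("keep+filter", "less commonly used SSL/TLS alternative port"),
    22: ("restrict", "allow only sites and users with a business need"),
    23: ("remove", "telnet is insecure and should not generally be used"),
}

def take_addr(tokens):
    """Consume one address spec (any | host X | object[-group] X | net mask)."""
    head = tokens.pop(0)
    if head in ("any", "any4", "any6"):
        return "any"
    return head + " " + tokens.pop(0)

def audit(config):
    """Return (acl, port, action, reason) for each any-to-any permit found."""
    findings = []
    for line in config.splitlines():
        t = line.split()
        if t[:1] != ["access-list"] or t[2:5] != ["extended", "permit", "tcp"]:
            continue
        rest = t[5:]
        try:
            src, dst = take_addr(rest), take_addr(rest)
            op, p = rest[0], rest[1]
        except IndexError:
            continue  # malformed or truncated line
        port = PORT_NAMES.get(p, int(p) if p.isdigit() else None)
        if op == "eq" and src == dst == "any" and port in ADVICE:
            findings.append((t[1], port) + ADVICE[port])
    return findings

SAMPLE = """\
access-list OUTBOUND extended permit tcp any any eq www
access-list OUTBOUND extended permit tcp any any eq https
access-list OUTBOUND extended permit tcp any any eq 8443
access-list OUTBOUND extended permit tcp any any eq ssh
access-list OUTBOUND extended permit tcp any any eq telnet
access-list OUTBOUND extended permit tcp object-group ADMIN-HOSTS any eq ssh
access-list OUTBOUND extended permit tcp 10.20.0.0 255.255.0.0 host 192.0.2.10 eq 8443
"""
```

Calling `audit(SAMPLE)` flags the first five lines and leaves the two scoped rules alone; the `restrict` and `remove` findings are the ones to act on first.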
