02-13-2018 01:05 AM - edited 02-21-2020 10:45 AM
Hi - We have an ASA 5516-X firewall in our infra; we have a requirement to allow any service from a vulnerability scanner to scan the ASA firewall device.
What is the way to allow this traffic, as we cannot use an interface ACL to restrict the access?
Regards
Senthil Murugan
02-13-2018 01:34 AM
There is no single switch to allow this. You have to allow it service by service like that:
ssh IP-OF-VUL-SCANNER 255.255.255.255 inside
http IP-OF-VUL-SCANNER 255.255.255.255 inside
02-13-2018 01:37 AM
Thanks Karsten, unfortunately that is not practically possible for all 65535 services, and that too for both TCP & UDP.
Is there any way I can give "any" service for those scanner IPs to scan the firewall?