How to allow any traffic destined for ASA firewall itself.

Senthil Murugan
Level 1

Hi - We have an ASA 5516-X firewall in our infra; we have a requirement to allow any service from a vulnerability scanner to scan the ASA firewall device.

What is the way to allow this traffic, as we cannot use an interface ACL to restrict the access?

Regards

Senthil Murugan

2 Replies

There is no single switch to allow this. You have to allow it service by service like that:

ssh IP-OF-VUL-SCANNER 255.255.255.255 inside
http IP-OF-VUL-SCANNER 255.255.255.255 inside

Thanks Karsten, unfortunately that is not practically possible for all 65535 services, and that too for both TCP & UDP.

Is there any way I can give "any" service for those scanner IPs to scan the firewall?
