Just got a C150 a little bit ago and was wondering if there's a way to allow only a specific IP or MAC address to access the management port to configure the firewall. I've disabled HTTP and FTP access to the firewall to improve security but didn't want to remove HTTPS, as being in physical contact to use the serial port would be a little out of the question, as I'd like some remote access as I travel between offices.
So if you have any ideas on how to improve security, or if I'm just stuck dealing with HTTPS, any responses would be greatly appreciated.
As far as I have been able to tell, there is no way to do this. The underlying operating system is based on FreeBSD, and therefore has ipfw, which would do what you want. But there is no interface to ipfw exposed in AsyncOS.
Your only recourse is to use an external firewall.
This feature is currently planned for a future release. I can't remember which release it was in, but I've got a feeling that it's not all that far away...
In most environments we recommend putting the IronPort into a DMZ area, in which case you can block all access to the management port (and basically everything except port 25) from the Internet using rules on the Firewall itself.
Thanks for the information. I couldn't find anything else, but as I've only had it for a bit, I thought I'd ask you guys/girls as you have much more experience. Thanks for the replies and hope to see this feature in the future :D