When you say if you remove the "permit ip any any" and you can't access anything, does that include the other things allowed in your access-list, or is all access denied?
As for security, if you have a "permit ip any any" then:
1) You don't need all the other entries in your access-list unless you want to record how many times each rule is accessed.
2) Yes, it is a security risk. Firewalls are there to limit traffic generally, and by permitting ip any any you have negated one of its main purposes. I'm assuming this is your main Internet-facing firewall.
You should really troubleshoot your ACLs. Do a "Show Access-list" to see the counters on the ACE. If you're not seeing any counters then something is configured wrong. If all the counters are going to the "IP ANY ANY" you really need to rethink your ACL setup. If you are indeed having counters on those entries, and you're still not getting what you need, maybe do a debug. If you're able to slap something in front and do a TCPdump or what have you, even better. The key here is to NOT allow "any any's" and get only the traffic needed over the firewall.
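
The counter check suggested above can be scripted. This is an added example, not part of either reply: it assumes ASA-style `show access-list` output with `(hitcnt=N)` counters, and the ACL name, addresses and counts are constructed sample data. It flags a catch-all permit with the share of hits it absorbs, and entries that never matched.

```python
import re

# Constructed sample in the style of ASA "show access-list" output (not from the thread).
SAMPLE = """\
access-list outside_in; 4 elements; name hash: 0x1a2b3c4d
access-list outside_in line 1 extended permit tcp any host 192.0.2.10 eq www (hitcnt=1520) 0x0a0a0a01
access-list outside_in line 2 extended permit tcp any host 192.0.2.10 eq https (hitcnt=0) 0x0a0a0a02
access-list outside_in line 3 extended permit udp any host 192.0.2.53 eq domain (hitcnt=87) 0x0a0a0a03
access-list outside_in line 4 extended permit ip any any (hitcnt=98231) 0x0a0a0a04
"""

# One ACE per line: ACL name, line number, the rule text, and its hit counter.
ACE_RE = re.compile(
    r"^access-list\s+(?P<acl>\S+)\s+line\s+(?P<line>\d+)\s+extended\s+"
    r"(?P<rule>(?:permit|deny)\s+.+?)\s+\(hitcnt=(?P<hits>\d+)\)")

# A rule that permits every IP protocol from anywhere to anywhere.
CATCH_ALL_RE = re.compile(r"permit ip any[46]? any[46]?")


def parse_aces(text):
    """Return a list of dicts for every ACE line; header lines are skipped."""
    aces = []
    for raw in text.splitlines():
        m = ACE_RE.match(raw.strip())
        if m:
            aces.append({"acl": m["acl"], "line": int(m["line"]),
                         "rule": " ".join(m["rule"].split()),
                         "hits": int(m["hits"])})
    return aces


def review(aces):
    """Return (kind, line, percent_of_all_hits) findings in ACL order."""
    total = sum(a["hits"] for a in aces)
    findings = []
    for a in aces:
        if CATCH_ALL_RE.fullmatch(a["rule"]):
            pct = a["hits"] * 100 // total if total else 0
            findings.append(("catch-all", a["line"], pct))
        elif a["hits"] == 0:
            findings.append(("unused", a["line"], 0))
    return findings


if __name__ == "__main__":
    for kind, line, pct in review(parse_aces(SAMPLE)):
        print(f"line {line}: {kind} ({pct}% of hits)")
```

A catch-all entry carrying most of the hits means the specific entries above it are not describing the traffic that actually crosses the firewall.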