Are ports 80 & 443 permitted by default on an ASA?
Recently I was asked to permit port 1494 on an ASA so that the users inside the company could access a remote site Citrix Server. While reviewing the config, I noticed that there is no permit statement for ports 80 and port 443 for the outside interface, but the users behind the ASA could access internet and https traffic.
So, are ports 80 & 443 permitted on an ASA by default once a public IP has been assigned to the outside interface?
Also, will the below config help me to permit port 1494 for the outside interface, so that user application can access the remote Citrix Server?
Re: Are ports 80 & 443 permitted by default on an ASA?
On an ASA, each interface has a security level. Typically, outside has a security rating of 0, and inside has a security rating of 100. The higher the security rating, the higher level of trust.
Because the inside zone has a higher security rating than the outside, no ACL is necessary for traffic to route. However, for people accessing your inside network through the outside interface (in your case, the internet), specific ACL statements must be made to permit traffic. For example, an FTP service on your inside network. For someone to access your FTP server from over the internet, you'd have to put an ACL on the outside interface and permit traffic (you can specify source and destination IPs/ports).
In your situation regarding inside network users needing to access a remote Citrix server, you should not have to do anything except verify that the firewall the Citrix server sits behind permits your PAT IP (assuming you use NAT overloading on your outside interface IP address) for access.
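The decision described in the reply above, as an added example that is not part of the original thread: a simplified Python model of how security levels and an inbound ACL decide whether a new connection may be opened. The names `Interface`, `new_connection_allowed` and `thread_scenarios` are hypothetical, and the model assumes permit-only ACL entries matched on protocol and destination port, with NAT, global ACLs and outbound ACLs left out.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Simplified model (an assumption, not Cisco code). Only NEW connections are
# evaluated; return traffic of an allowed flow is handled statefully.

@dataclass
class Interface:
    name: str
    security_level: int
    # Inbound ACL as (protocol, dst_port) permit entries; None = no ACL applied.
    acl_in: Optional[List[Tuple[str, int]]] = None

def new_connection_allowed(ingress, egress, proto, dst_port):
    if ingress.acl_in is not None:
        # An applied ACL replaces the implicit rule and ends in an implicit deny.
        return (proto, dst_port) in ingress.acl_in
    # No ACL: only higher-to-lower security level is permitted by default.
    return ingress.security_level > egress.security_level

def thread_scenarios():
    inside = Interface("inside", 100)
    outside = Interface("outside", 0)
    r = {}
    # Outbound web and Citrix (tcp/1494) with no ACL on inside.
    for port in (80, 443, 1494):
        r[f"out_{port}"] = new_connection_allowed(inside, outside, "tcp", port)
    # Inbound FTP to an inside server, without and with an outside ACL entry.
    r["in_ftp_no_acl"] = new_connection_allowed(outside, inside, "tcp", 21)
    outside_acl = Interface("outside", 0, acl_in=[("tcp", 21)])
    r["in_ftp_acl"] = new_connection_allowed(outside_acl, inside, "tcp", 21)
    r["in_ssh_acl"] = new_connection_allowed(outside_acl, inside, "tcp", 22)
    # If an ACL IS applied inbound on inside, the implicit permit is gone and
    # tcp/1494 needs its own entry there (not on the outside interface).
    inside_acl = Interface("inside", 100, acl_in=[("tcp", 80), ("tcp", 443)])
    r["out_1494_restricted"] = new_connection_allowed(inside_acl, outside, "tcp", 1494)
    return r

if __name__ == "__main__":
    for case, allowed in thread_scenarios().items():
        print(f"{case:22} {'permit' if allowed else 'deny'}")
```

The last case is the one to check on a real device: if an access list is already bound inbound to the inside interface, outbound Citrix traffic is governed by that list rather than by the security levels.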