Not concerned about incoming, we currently have the ASA working fine, but I want to deploy a proxy server (squid) and rather than get bogged down by settings on individual PCs, proxy.pac files and wdat.dat files etc., I want to block the direct access to the internet so that the clients will autodetect the proxy and configure themselves. I want to test this from a user PC, by getting the rule to operate only on a single IP address (so I don't invoke armageddon from the userbase). Does that make it a bit clearer?
Users are on their own subnet, so 10.0.0.x is servers, 10.0.1.x are users.
access-l inside-out deny tcp 10.0.1.0 255.255.255.0 any eq 80 <----that will block outbound web
access-l inside-out permit ip any any <---that will permit everything else outbound, probably you didn't have this when things broke
access-group inside-out in interface inside
For ASDM, put an ACL on the inside interface that denies all destination port 80 for source IP addresses being the users, but below that make sure you allow everything else so you don't deny everything with the implicit deny at the end of the ACL.
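The first-match behaviour and the implicit deny described in the reply above can be checked offline with a small model. This is an added example, not code from the thread: the test PC address 10.0.1.50, the server address 10.0.0.10 and the single-host variant are constructed assumptions, and the model only covers source, protocol and destination port.

```python
import ipaddress

# Entry format: (action, protocol, source network, destination port or None for any).
# Every rule on this page uses destination "any", so destination is not modelled.
REPLY_ACL = [                      # the two lines from the reply
    ("deny", "tcp", "10.0.1.0/24", 80),
    ("permit", "ip", "0.0.0.0/0", None),
]
SINGLE_HOST_ACL = [                # constructed: deny scoped to one assumed test PC
    ("deny", "tcp", "10.0.1.50/32", 80),
    ("permit", "ip", "0.0.0.0/0", None),
]
DENY_ONLY_ACL = [                  # the deny line without the trailing permit
    ("deny", "tcp", "10.0.1.0/24", 80),
]


def evaluate(acl, proto, src, dport):
    """Return the action of the first matching entry, read top-down."""
    src_ip = ipaddress.ip_address(src)
    for action, rule_proto, rule_src, rule_port in acl:
        if rule_proto != "ip" and rule_proto != proto:
            continue               # "ip" matches any protocol
        if src_ip not in ipaddress.ip_network(rule_src):
            continue
        if rule_port is not None and rule_port != dport:
            continue
        return action
    return "deny"                  # implicit deny at the end of the ACL


if __name__ == "__main__":
    flows = [                      # constructed sample flows
        ("tcp", "10.0.1.50", 80),  # assumed test PC, web
        ("tcp", "10.0.1.51", 80),  # another user PC, web
        ("tcp", "10.0.1.50", 443), # test PC, HTTPS (port 80 rule does not cover it)
        ("udp", "10.0.1.50", 53),  # test PC, DNS
        ("tcp", "10.0.0.10", 80),  # assumed server address, web
    ]
    for name, acl in [("reply", REPLY_ACL), ("single-host", SINGLE_HOST_ACL),
                      ("deny-only", DENY_ONLY_ACL)]:
        for proto, src, dport in flows:
            print(f"{name:12} {proto} {src}:{dport} -> {evaluate(acl, proto, src, dport)}")
```
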