07-15-2008 08:59 AM - edited 03-11-2019 06:14 AM
Hi, we have been using an ASA for the last one year and it's working fine. Now, can I block the inside machines? That means 2 machines are available in the inside zone, and now I want the first machine to not be able to access or communicate with the second machine. Is it possible, because the traffic won't pass through the firewall when both communicate? Thanks
07-15-2008 09:03 AM
You can use an access-list (VLAN or PORT) on the switch to block this communication.
Regards
Farrukh
07-15-2008 09:36 AM
Here, the switch is not manageable and all switches are connected to the inside interface of the FW. Now is it possible?
07-15-2008 09:42 AM
If both machines are in the 'same subnet', then both will communicate 'directly' and will never reach the firewall. You have the following options:
> Change the switch
> Change the network design
> Play around with some routes/proxy-arp
> NAT one of the machines on the firewall etc.
Regards
Farrukh
07-15-2008 09:47 AM
Thanks Farrukh.