Cisco Support Community
Community Member

Datacenter Firewall

Hi Experts,

We have to deploy an ASA5585 in between user VLANs & server VLANs. We have to find all the ports that need to be opened on the firewall.

Any tools to do the same?

Thanks.

2 REPLIES
Community Member

Re: Datacenter Firewall

Well, I wouldn't consider myself an expert yet, but here are my 2c.

What kind of traffic are you going to be expecting from the user VLANs to the server VLANs? Are the server VLANs in a Windows domain or a Linux domain? There are so many things to this. Are you going to be having a web proxy? User file share access (SMB)? DNS traffic, LDAP authentication? DHCP on your servers?

Also, are you planning to have private VLANs for your servers to further restrict access from user VLANs?

Edit: Wireshark! Or just run nmap against every server to check the open ports and, depending on the server roles, make a rule table accordingly.

Community Member

Re: Datacenter Firewall

Hi Mikull,

Actually there is a mix of Windows and Linux servers. Traffic will be domain traffic (LDAP auth, DNS, DHCP) + various application traffic.

We will divide servers (system / application) & then apply rules.

Is there any better option than Nmap?

I mean we can put the ASA in with an initial permit any any option and then use any tool which can take src, destination, port data from the ASA itself.

Thanks.
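
One way to pull the src, destination and port data discussed in this thread out of the firewall's own logs, as an added example that is not part of the original posts. It assumes the ASA's connection-built syslog messages (IDs 302013 and 302015) are collected during the initial permit period, and that "inbound" means the first endpoint initiated while "outbound" means the second did; the log lines, interface names, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the style of ASA connection syslog messages.
SAMPLE_LOG = """\
%ASA-6-302013: Built inbound TCP connection 1001 for users:10.10.1.25/51514 (10.10.1.25/51514) to servers:10.20.1.10/389 (10.20.1.10/389)
%ASA-6-302013: Built inbound TCP connection 1002 for users:10.10.1.26/49822 (10.10.1.26/49822) to servers:10.20.1.10/389 (10.20.1.10/389)
%ASA-6-302015: Built inbound UDP connection 1003 for users:10.10.1.25/60111 (10.10.1.25/60111) to servers:10.20.1.11/53 (10.20.1.11/53)
%ASA-6-302013: Built outbound TCP connection 1004 for users:10.10.1.30/445 (10.10.1.30/445) to servers:10.20.1.12/50211 (10.20.1.12/50211)
%ASA-6-302014: Teardown TCP connection 1001 for users:10.10.1.25/51514 to servers:10.20.1.10/389 duration 0:00:01 bytes 412 TCP FINs
"""

# Only "Built" messages (302013 = TCP, 302015 = UDP) describe a new flow.
BUILT = re.compile(
    r"%ASA-6-30201[35]: Built (?P<dir>inbound|outbound) (?P<proto>TCP|UDP) "
    r"connection \d+ for (?P<if1>[^:\s]+):(?P<ip1>[^/\s]+)/(?P<port1>\d+) \([^)]*\)"
    r"(?: ?\([^)]*\))? to (?P<if2>[^:\s]+):(?P<ip2>[^/\s]+)/(?P<port2>\d+)"
)


def flows(log_text):
    """Count connections per (src_if, dst_if, proto, server_ip, server_port)."""
    seen = Counter()
    for line in log_text.splitlines():
        m = BUILT.search(line)
        if not m:
            continue  # teardowns and other message IDs carry no new flow
        first = (m["if1"], m["ip1"], int(m["port1"]))
        second = (m["if2"], m["ip2"], int(m["port2"]))
        # Assumption: inbound = first endpoint is the client, outbound = second is.
        # Without this, the client's ephemeral port would be recorded as a service.
        client, server = (first, second) if m["dir"] == "inbound" else (second, first)
        seen[(client[0], server[0], m["proto"].lower(), server[1], server[2])] += 1
    return seen


def rule_table(seen):
    """Rows sorted busiest first: a draft to review before writing permit rules."""
    return [key + (n,) for key, n in sorted(seen.items(), key=lambda kv: (-kv[1], kv[0]))]


if __name__ == "__main__":
    for src_if, dst_if, proto, ip, port, hits in rule_table(flows(SAMPLE_LOG)):
        print(f"{src_if:8} -> {dst_if:8} {proto} {ip}:{port}  ({hits} connections)")
```

Each row is only evidence that a flow occurred while everything was permitted; check it against the server's role before turning it into a permit rule.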
