Cisco Support Community
New Member

firewall policy

Hi all, I am new to firewalls. Now we have a FW for internet access. My boss asked me to design some policy to be applied on the FW. Can some of you share some configuration/policy with me? Our DMZ topology is quite simple:

Internet--------internet router--------ASA 5520-----LAN. There are some servers in the LAN, they are: Database server, Mail server (need to be accessed via internet).

Thanks in advance

New Member

Re: firewall policy

I would create a DMZ for the internet-based servers.

I would suggest something more like:

Inet router
    |
   ASA ---- DMZ with externally accessed servers
    |
Internal router
    |
Internal LANs

As far as policy, I would allow the internet users to access the DMZ resources only on the ports required for functionality.

Allow outbound from the internal network only on the ports required for work.

You actually need 3 separate policies:

1 for the outside interface

1 for the dmz interface

1 for the inside interface

You also need a translation for internal hosts to get out and to access the dmz resources.
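
The three per-interface policies and the translations described in the reply above, sketched as an added example; it is not configuration from either poster. It assumes ASA software 8.3 or later (object NAT syntax), and every address, interface assignment, object name and permitted port is constructed for illustration, with only the mail server placed in the DMZ.

```cisco
! Constructed addressing: outside 203.0.113.0/24, dmz 192.168.50.0/24, inside 10.10.0.0/16
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.10.0.1 255.255.0.0
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 192.168.50.1 255.255.255.0
!
! Translations: static for the DMZ mail server, dynamic PAT for inside hosts going out
object network MAIL-SRV
 host 192.168.50.10
 nat (dmz,outside) static 203.0.113.10
object network INSIDE-NET
 subnet 10.10.0.0 255.255.0.0
 nat (inside,outside) dynamic interface
!
! Policy 1, outside interface: internet users reach only SMTP on the mail server
access-list OUTSIDE-IN extended permit tcp any object MAIL-SRV eq smtp
access-list OUTSIDE-IN extended deny ip any any log
!
! Policy 2, dmz interface: the mail server may send mail and resolve DNS,
! and may never open a connection towards the inside network
access-list DMZ-IN extended deny ip any object INSIDE-NET log
access-list DMZ-IN extended permit tcp object MAIL-SRV any eq smtp
access-list DMZ-IN extended permit udp object MAIL-SRV any eq domain
access-list DMZ-IN extended deny ip any any log
!
! Policy 3, inside interface: mail clients to the DMZ server, web and DNS outbound
access-list INSIDE-IN extended permit tcp object INSIDE-NET object MAIL-SRV eq smtp
access-list INSIDE-IN extended permit tcp object INSIDE-NET object MAIL-SRV eq imap4
access-list INSIDE-IN extended permit tcp object INSIDE-NET any eq www
access-list INSIDE-IN extended permit tcp object INSIDE-NET any eq https
access-list INSIDE-IN extended permit udp object INSIDE-NET any eq domain
access-list INSIDE-IN extended deny ip any any log
!
! Bind one policy to each interface, inbound
access-group OUTSIDE-IN in interface outside
access-group DMZ-IN in interface dmz
access-group INSIDE-IN in interface inside
```

The explicit `deny ip any any log` at the end of each list duplicates the implicit deny but produces log entries for dropped traffic, which helps when tuning the permitted ports.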
