Cisco Support Community

New Member

firewall policy

Hi all, I am new to firewalls. Now we have a FW for internet access. My boss asked me to design some policy to be applied on the FW. Can some of you share some configuration/policy with me? Our DMZ topology is quite simple:

internet -------- internet router -------- ASA 5520 ----- LAN. There are some servers in the LAN; they are: Database server, Mail server (needs to be accessed via the internet).

thanks in advance

1 REPLY
New Member

Re: firewall policy

I would create a DMZ for the internet-based servers.

I would suggest something more like:

Inet
 |
Inet router
 |
ASA ---- DMZ with externally accessed servers
 |
Internal router
 |
Internal LANs

As far as policy, I would allow the internet users to access the DMZ resources only on the ports required for functionality.

Allow outbound from the internal network only on the ports required for work.

You actually need 3 separate policies:

1 for the outside interface

1 for the dmz interface

1 for the inside interface

You also need a translation for internal hosts to get out and to access the dmz resources.

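A worked ASA configuration for the three interface policies and the translations described in the reply above. This is an added example, not configuration from the original thread or from Cisco; every address, interface name, object name and port choice is an assumption constructed for illustration (the mail server is assumed to need only SMTP from the internet, the database server stays on the inside and is never exposed). It uses the ASA 8.3-and-later object NAT syntax, under which access lists on the outside interface match the real (untranslated) address of the DMZ host.

```cisco
! --- Interfaces (constructed addressing; adjust to your own) ---
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248
!
interface GigabitEthernet0/1
 nameif dmz
 security-level 50
 ip address 10.0.50.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif inside
 security-level 100
 ip address 10.0.1.1 255.255.255.0
!
! --- Objects (names and hosts are assumptions for this example) ---
object network INSIDE-NET
 subnet 10.0.0.0 255.255.0.0
 ! Dynamic PAT so internal hosts can get out to the internet
 nat (inside,outside) dynamic interface
!
object network DMZ-NET
 subnet 10.0.50.0 255.255.255.0
!
object network MAIL-DMZ
 host 10.0.50.25
 ! Static translation: the mail server is reachable from the internet as 203.0.113.3
 nat (dmz,outside) static 203.0.113.3
!
! --- Policy 1: outside interface ---
! Only the mail server, only SMTP; everything else from the internet is dropped and logged.
access-list OUTSIDE_IN extended permit tcp any object MAIL-DMZ eq smtp
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
!
! --- Policy 2: dmz interface ---
! The DMZ may never initiate toward the inside (protects the database server);
! the mail server may send outbound mail and resolve DNS, nothing else.
access-list DMZ_IN extended deny ip object DMZ-NET object INSIDE-NET log
access-list DMZ_IN extended permit tcp object MAIL-DMZ any eq smtp
access-list DMZ_IN extended permit udp object MAIL-DMZ any eq domain
access-list DMZ_IN extended deny ip any any log
access-group DMZ_IN in interface dmz
!
! --- Policy 3: inside interface ---
! Internal users reach the DMZ mail server on mail ports and the internet on work ports only.
access-list INSIDE_IN extended permit tcp object INSIDE-NET object MAIL-DMZ eq smtp
access-list INSIDE_IN extended permit tcp object INSIDE-NET object MAIL-DMZ eq imap4
access-list INSIDE_IN extended permit tcp object INSIDE-NET any eq www
access-list INSIDE_IN extended permit tcp object INSIDE-NET any eq https
access-list INSIDE_IN extended permit udp object INSIDE-NET any eq domain
access-list INSIDE_IN extended deny ip any any log
access-group INSIDE_IN in interface inside
```

Each access list ends in an explicit deny with logging, so anything not on the required-ports list shows up in the syslog rather than silently disappearing; that is the simplest check that the policy is doing what the reply describes. On 8.3 and later no translation is needed for inside hosts to reach the DMZ, since the static and dynamic rules above cover the outside path; on releases before 8.3 with nat-control, the inside-to-dmz path additionally needs an identity translation (for example `static (inside,dmz) 10.0.1.0 10.0.1.0 netmask 255.255.255.0`, assumed addressing as above). If the mail server ever legitimately needs the internal database, add one host-and-port permit above the DMZ-to-inside deny rather than widening it.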