
firewall policy

att-sgcops
Level 1

Hi all, I am new to firewalls. We now have a FW for internet access. My boss asked me to design some policy to be applied on the FW. Can some of you share some configuration/policy with me? Our DMZ topology is quite simple:

Internet--------Internet router--------ASA 5520-----LAN. There are some servers in the LAN; they are: Database server, Mail server (need to be accessed via internet).

Thanks in advance.

1 Reply

martybarron
Level 1

I would create a DMZ for the internet-based servers.

I would suggest something more like:

Inet
|
Inet router
|
ASA ---- DMZ with externally accessed servers
|
Internal router
|
Internal LANs

As far as policy, I would allow the internet users to access the DMZ resources only on the ports required for functionality.

Allow outbound from the internal network only on the ports required for work.

You actually need 3 separate policies:

1 for the outside interface

1 for the dmz interface

1 for the inside interface

You also need a translation for internal hosts to get out and to access the dmz resources.
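
A sketch of the three-interface layout described in the reply above, added here as an example and not part of the original reply or any Cisco reference configuration. It assumes pre-8.3 ASA software (the `static`/`nat`/`global` NAT syntax; 8.3 and later use object NAT instead), an inside network attached directly to the ASA, and a mail server moved to the DMZ; every interface name, ACL name, address and port list is a constructed placeholder.

```cisco
! Constructed example: names and addresses are assumptions, not from the thread.
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.10.0.1 255.255.255.0
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 172.16.10.1 255.255.255.0
!
! Translations: public address for the DMZ mail server, PAT for internal hosts
! going out, and an identity static so internal hosts can reach the DMZ.
static (dmz,outside) 203.0.113.3 172.16.10.25 netmask 255.255.255.255
nat (inside) 1 10.10.0.0 255.255.255.0
global (outside) 1 interface
static (inside,dmz) 10.10.0.0 10.10.0.0 netmask 255.255.255.0
!
! Policy 1, outside interface: internet users reach the DMZ on required ports only.
access-list OUTSIDE_IN extended permit tcp any host 203.0.113.3 eq smtp
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
!
! Policy 2, dmz interface: the server may send mail and resolve names,
! but may never open a connection toward the internal network.
access-list DMZ_IN extended deny ip any 10.10.0.0 255.255.255.0 log
access-list DMZ_IN extended permit tcp host 172.16.10.25 any eq smtp
access-list DMZ_IN extended permit udp host 172.16.10.25 any eq domain
access-list DMZ_IN extended deny ip any any log
access-group DMZ_IN in interface dmz
!
! Policy 3, inside interface: outbound only on the ports required for work.
access-list INSIDE_IN extended permit tcp 10.10.0.0 255.255.255.0 host 172.16.10.25 eq smtp
access-list INSIDE_IN extended permit tcp 10.10.0.0 255.255.255.0 any eq www
access-list INSIDE_IN extended permit tcp 10.10.0.0 255.255.255.0 any eq https
access-list INSIDE_IN extended permit udp 10.10.0.0 255.255.255.0 any eq domain
access-list INSIDE_IN extended deny ip any any log
access-group INSIDE_IN in interface inside
```

The explicit `deny ip any any log` at the end of each list duplicates the implicit deny but makes dropped traffic visible in syslog, which helps when tuning the permitted port list.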
