01-19-2010 03:32 AM - edited 03-11-2019 09:58 AM
Hi
I am using a PIX firewall. The firewall's outside interface is connected to the ISP; the inside interface is connected to a switch, and users are connected to the switch.
Without configuring an access list to allow incoming traffic, is it possible for users to go online?
Please help.
Regards
Arulkumar
01-19-2010 04:52 AM
Arulkumar
Yes it is, because the PIX is a stateful firewall and it allows traffic from the inside to the outside without an access-list, so the return traffic will be allowed back in.
What you will need to configure though is some form of NAT/PAT. Usually for internet access -
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
Jon
01-19-2010 05:47 AM
Hi,
As long as global (outside) and nat (inside) are configured (the inside and outside keywords refer to the interfaces' names), you don't need any access-list, as traffic from a higher security level to a lower security level is allowed to pass.
From a lower security level to a higher security level, an access-list or conduit must be used to permit the traffic.
HTH
Mohamed
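The two cases described in the replies above, as an added configuration sketch that is not part of the original posts. It assumes PIX 6.x syntax; the interface numbering, the addresses (documentation ranges), the ACL name outside_in and the internal web server are all constructed for illustration.

```text
: --- Interfaces and security levels (assumed layout) ---
: outside = security0 (lowest), inside = security100 (highest)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address outside 203.0.113.2 255.255.255.240
ip address inside 192.168.1.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1

: --- Case 1: users going online (inside -> outside) ---
: Higher to lower security level: no access-list is needed.
: The firewall tracks each outbound connection, so only the
: replies belonging to those connections are let back in.
: PAT all inside hosts behind the outside interface address:
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface

: --- Case 2: connections started from the Internet ---
: Lower to higher security level: denied by default.
: Needed only when an inside host must be reachable from outside.
: Publish one inside server on a dedicated outside address and
: permit only the service it offers:
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255
access-list outside_in permit tcp any host 203.0.113.10 eq www
access-group outside_in in interface outside
```

With only the Case 1 lines present, inside users can browse while unsolicited inbound connections are still dropped at the outside interface.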