01-19-2010 03:32 AM - edited 03-11-2019 09:58 AM
Hi
I am using a PIX firewall. The firewall's outside interface is connected to the ISP; the inside interface is connected to a switch, and users are connected to the switch.
Without configuring an access list to allow incoming traffic, is it possible for users to go online?
Please help.
Regards
Arulkumar
01-19-2010 04:52 AM
arulkumar80 wrote:
Hi
I am using a PIX firewall. The firewall's outside interface is connected to the ISP; the inside interface is connected to a switch, and users are connected to the switch.
Without configuring an access list to allow incoming traffic, is it possible for users to go online?
Please help.
Regards
Arulkumar
Arulkumar
Yes, it is, because the PIX is a stateful firewall and it allows traffic from the inside to the outside without an access-list, so the return traffic will be allowed back in.
What you will need to configure though is some form of NAT/PAT. Usually for internet access -
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
Jon
01-19-2010 05:47 AM
Hi,
As long as global (outside) and nat (inside) are configured (the inside and outside keywords refer to the interfaces' names), you don't need any access-list, as from a higher security level to a lower security level, traffic is allowed to pass.
For access from a lower security level to a higher security level, an access-list or conduit must be used to permit the traffic.
HTH
Mohamed
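The access decision described in the two replies above, as an added example that is not part of the original thread and is not PIX code: a simplified Python model of a state table plus security levels. The class and function names, the level values 100 and 0, and the sample addresses are assumptions made for illustration, and NAT/PAT is left out.

```python
from dataclasses import dataclass, field

# Security levels as conventionally assigned to the two interfaces (assumed values).
LEVELS = {"inside": 100, "outside": 0}

@dataclass(frozen=True)
class Packet:
    in_if: str    # interface the packet arrives on
    out_if: str   # interface it would leave from
    proto: str
    src: tuple    # (ip, port)
    dst: tuple    # (ip, port)

@dataclass
class ToyFirewall:
    # (proto, dst_ip, dst_port) entries permitted from lower to higher level
    acl_permits: set = field(default_factory=set)
    # state table: (proto, initiator, responder) for each flow already allowed
    conns: set = field(default_factory=set)

    def handle(self, p: Packet) -> str:
        # 1. Return traffic: the reverse of a flow already in the state table.
        if (p.proto, p.dst, p.src) in self.conns:
            return "permit (existing connection)"
        # 2. New flow from a higher to a lower security level: no ACL needed.
        if LEVELS[p.in_if] > LEVELS[p.out_if]:
            self.conns.add((p.proto, p.src, p.dst))
            return "permit (higher to lower)"
        # 3. New flow from a lower to a higher level: needs an explicit permit.
        if (p.proto, *p.dst) in self.acl_permits:
            self.conns.add((p.proto, p.src, p.dst))
            return "permit (access-list)"
        return "deny"

def demo():
    # Constructed sample hosts: one inside user and one Internet web server.
    fw = ToyFirewall()
    user, web = ("192.168.1.10", 40000), ("198.51.100.7", 80)
    return [
        fw.handle(Packet("outside", "inside", "tcp", web, user)),  # unsolicited
        fw.handle(Packet("inside", "outside", "tcp", user, web)),  # user goes online
        fw.handle(Packet("outside", "inside", "tcp", web, user)),  # reply to the user
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The same packet from the web server is denied before the inside user opens the connection and permitted afterwards, which is why no inbound access list is needed for users to go online.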