Cisco Support Community
Community Member

Pix 506 E

How do I block outbound traffic?

1 REPLY
Community Member

Re: Pix 506 E

Apply an access-list to the inside interface. Say you only want to allow HTTP, FTP and HTTPS outbound; you would do something like the following.

access-list acl_inside permit tcp any any eq 80

access-list acl_inside permit tcp any any eq 443

access-list acl_inside permit tcp any any eq 21

access-group acl_inside in interface inside

I would review what traffic you want allowed outbound then apply the access-list.

When you want to make additions to your ACL down the road, say you forgot to allow DNS from your internal network, you then just add the new ACL. (You want to allow DNS in your initial access-list)

access-list acl_inside permit udp any any eq 53

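The following is an added example, not part of the original thread or Cisco's code: a small Python model of how the ACL from the reply is evaluated once it is bound to the inside interface, using first-match order and the implicit deny that ends every PIX ACL. It shows why DNS fails until the `udp ... eq 53` entry is added. The function names and the sample flows are constructed for illustration, and only the `permit|deny <proto> any any eq <port>` form used in the reply is parsed.

```python
# Added example (not from the original thread): first-match evaluation of the
# ACL lines quoted in the reply, with the implicit deny that ends every PIX ACL.
# Only the "permit|deny <proto> any any eq <port>" form used on the page is parsed.

REPLY_ACL = """\
access-list acl_inside permit tcp any any eq 80
access-list acl_inside permit tcp any any eq 443
access-list acl_inside permit tcp any any eq 21
"""
DNS_LINE = "access-list acl_inside permit udp any any eq 53\n"


def parse_acl(text, name="acl_inside"):
    """Return [(action, proto, port)] for the named ACL, in configured order."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) != 8 or tok[:2] != ["access-list", name]:
            continue  # blank line or a form this sketch does not model
        action, proto, src, dst, op, port = tok[2:]
        if (src, dst, op) != ("any", "any", "eq"):
            raise ValueError("unsupported ACE: " + line)
        rules.append((action, proto, int(port)))
    return rules


def evaluate(rules, proto, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, r_proto, r_port in rules:
        if (r_proto, r_port) == (proto, dport):
            return action
    return "deny"


def outbound_report(rules, flows):
    """Map each constructed (proto, dport) flow to the ACL's decision."""
    return {flow: evaluate(rules, *flow) for flow in flows}


# Constructed sample flows from an inside host: web, TLS, FTP control, DNS, SMTP.
FLOWS = [("tcp", 80), ("tcp", 443), ("tcp", 21), ("udp", 53), ("tcp", 25)]

if __name__ == "__main__":
    for label, acl in (("as posted", REPLY_ACL), ("with DNS", REPLY_ACL + DNS_LINE)):
        print(label, outbound_report(parse_acl(acl), FLOWS))
```

With the three TCP entries alone, the DNS flow is denied, so name resolution from inside hosts stops even though web ports are open; appending the DNS entry permits it while SMTP and everything else unlisted stays blocked.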