Community Member

Ports Blocking ????

Hi,

I want to block all the ports on my firewall except 80 and 443.

How can I do it?

Any link in this regard (port blocking)?

Thanks and regards

2 REPLIES
Community Member

Re: Ports Blocking ????

Hi, first of all this depends on where you want to block.

Whether these are incoming connections on these ports on the outside interface which you want to permit.

Whether they are outgoing connections on these ports. Because by default everything is permitted from the inside to the outside. To be more precise, all connections are permitted from a higher security level to a lower security level.

For this I am sure you would have configured NAT first.

Then all you need is an access-list on the inside interface.

e.g.: access-list 101 permit tcp inside source outside destination eq 80

and the same for 443.

If these are incoming connections on the outside interface, first you need a static NAT for the server on which you are expecting connections.

Then you will need an access-list on the outside interface.

e.g.: access-list 102 permit tcp any to the natted address eq 80 and same for 443.

Hope this solves your query.

regards

sebastan
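
The two cases described in the reply above, written out as an added example that is not part of the original posts. It assumes PIX/ASA software earlier than 8.3 (where the outside ACL matches the translated address, as the reply states); the addresses 203.0.113.10 and 192.168.1.10, the inside network 192.168.1.0/24 and the interface names are constructed placeholders.

```cisco
! Added example, not from the original thread. All addresses are placeholders.
! Assumes pre-8.3 PIX/ASA syntax and interfaces named "inside" and "outside".

! --- Case 1: incoming connections to a server behind the firewall ---
! Static NAT: public 203.0.113.10 maps to the real server 192.168.1.10.
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255

! Permit only TCP 80 and 443 to the translated (NATed) address.
access-list 102 permit tcp any host 203.0.113.10 eq 80
access-list 102 permit tcp any host 203.0.113.10 eq 443

! Bind the ACL to traffic entering the outside interface.
! Every ACL ends with an implicit deny, so all other ports stay blocked.
access-group 102 in interface outside

! --- Case 2: outgoing connections from inside hosts ---
! Without an ACL, inside-to-outside traffic is permitted by default
! (higher security level to lower). Applying an ACL replaces that default.
access-list 101 permit tcp 192.168.1.0 255.255.255.0 any eq 80
access-list 101 permit tcp 192.168.1.0 255.255.255.0 any eq 443
access-group 101 in interface inside

! Caveat: with only these two entries, the implicit deny on ACL 101 also
! drops DNS (UDP/TCP 53) from inside hosts, so name resolution through the
! firewall fails unless a resolver is explicitly permitted.
```

After applying, `show access-list` lists each entry with its hit count, which confirms whether the permit lines are matching the expected traffic.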

Community Member

Re: Ports Blocking ????

Hi sebastan,

Thanks for the answer...

Yes, these are the requests from the outside interface, and this will work. I will check it and will discuss with you if I get any problem.

eg: access-list 102 permit tcp any to the natted address eq 80 and same for 443.

..

Thanks once again.
