We have a requirement of only allowing certain port range access 'back through' a firewall from B to A, when a connection already exists from A to B, so for example, A connects to B on port X, and when that connection is established, B can then connect to A from port Y01 to Y99. I have been looking at the established keyword, but can't seem to find any way of limiting that to a given IP or set of IPs - is this even possible?
Sorry to be a pain, but just to ensure that I understand the above, using the below example:
inside hosts (higher security): 10.1.1.0/24
DMZ hosts (lower security): 10.1.2.0/24
If I have a requirement whereby I need to allow 10.1.2.1 to communicate to 10.1.1.1 over port 1000/tcp, only if there is an existing connection from 10.1.1.1 to 10.1.2.1 over port 80/tcp, I would use the global command:
established tcp 80 0 permitto tcp 1000 permitfrom tcp 1024-65535
when this command is used, there is no way of restricting it to these two hosts, and if for argument's sake 10.1.1.100 connected to 10.1.2.100 over port 80, then 10.1.2.100 could connect to 10.1.1.100 over port 1000 also?
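A small model of how the global established rule quoted above evaluates return traffic, added here as an illustration and not taken from the thread or from Cisco's implementation; the connection table and host addresses are constructed. It shows the behaviour the post asks about: because the rule matches only on protocol and ports, any host pair with a matching port-80 session unlocks the return port.

```python
from collections import namedtuple

# Model of the global ASA rule quoted in the post:
#   established tcp 80 0 permitto tcp 1000 permitfrom tcp 1024-65535
# It matches only on protocol and ports; it has no address parameters.
#   dport/sport: ports of the original A -> B connection (sport 0 = any)
#   permitto/permitfrom: (proto, low, high) port ranges for the B -> A return
Established = namedtuple("Established", "est_proto dport sport permitto permitfrom")
Conn = namedtuple("Conn", "proto src sport dst dport")

def _match(proto, port, spec):
    p, low, high = spec
    return proto == p and low <= port <= high

def return_permitted(rule, table, pkt):
    """True if return packet pkt (B -> A) is allowed by rule given the
    existing connections in table. Any A -> B connection matching
    est_proto/dport/sport unlocks the return ports for that pair, no
    matter which hosts A and B are."""
    if not _match(pkt.proto, pkt.dport, rule.permitto):
        return False
    if not _match(pkt.proto, pkt.sport, rule.permitfrom):
        return False
    return any(
        c.proto == rule.est_proto and c.dport == rule.dport
        and (rule.sport == 0 or c.sport == rule.sport)
        and c.src == pkt.dst and c.dst == pkt.src
        for c in table)

RULE = Established("tcp", 80, 0, ("tcp", 1000, 1000), ("tcp", 1024, 65535))

# Constructed connection table: the poster's pair plus an unrelated pair.
TABLE = [
    Conn("tcp", "10.1.1.1", 40000, "10.1.2.1", 80),
    Conn("tcp", "10.1.1.100", 40001, "10.1.2.100", 80),
]

def demo():
    """Evaluate the cases raised in the question."""
    back = lambda s, d, sp: Conn("tcp", s, sp, d, 1000)
    return {
        "intended_pair": return_permitted(RULE, TABLE, back("10.1.2.1", "10.1.1.1", 5000)),
        "other_pair": return_permitted(RULE, TABLE, back("10.1.2.100", "10.1.1.100", 5000)),
        "no_session": return_permitted(RULE, TABLE, back("10.1.2.50", "10.1.1.50", 5000)),
        "low_sport": return_permitted(RULE, TABLE, back("10.1.2.1", "10.1.1.1", 500)),
    }
```

The "other_pair" case comes back permitted, which is exactly the widening the poster is worried about; the "no_session" and "low_sport" cases are refused because no matching session exists or the return source port falls outside the permitfrom range.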