
New Member

Re-doing firewall rules

Hi,

I want to lock down my firewall; basically anyone on the inside of the network can connect to any resource on the internet (MSN, torrents, RDP, etc.).

I want to lock down my firewall so that only HTTP, HTTPS and SMTP are allowed (I can add more later).

What command lines would I do for the following there?

5 REPLIES

Re-doing firewall rules

Are you using Cisco IOS firewall or ASA?

New Member

Re-doing firewall rules

Cisco PIX 515

New Member

Re-doing firewall rules

Anyone?

New Member

Re-doing firewall rules

Is anyone able to help?

Re: Re-doing firewall rules

If you don't have an ACL on the inside interface, the PIX allows all traffic out by default. In order to control what goes out, you'll need an ACL. Anything that's not in the list will be denied. To do this on the PIX would be like the following:

access-list INSIDE permit tcp any any eq 443

access-list INSIDE permit tcp any any eq 80

access-list INSIDE permit tcp any any eq 25

access-group INSIDE in interface Inside

HTH,

John

Please rate all useful posts...
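To see the "anything not in the list is denied" behaviour from John's reply in action, here is an added example (my own code, not from the thread or from Cisco) that parses those three access-list lines and evaluates constructed outbound flows against them; it assumes only the "any any" address form used above and the PIX first-match-then-implicit-deny semantics the reply describes.

```python
# Constructed copy of the ACL from the reply above; the matching rules in
# evaluate() (first match wins, implicit deny) are the PIX behaviour it describes.
PIX_ACL = """
access-list INSIDE permit tcp any any eq 443
access-list INSIDE permit tcp any any eq 80
access-list INSIDE permit tcp any any eq 25
"""

def parse_acl(text):
    """Parse 'access-list NAME ACTION PROTO SRC DST [eq PORT]' lines.
    Only the 'any' address form used in the reply is handled (assumption)."""
    entries = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[0] != "access-list" or parts[4:6] != ["any", "any"]:
            raise ValueError(f"unsupported line: {line}")
        action, proto = parts[2], parts[3]
        port = int(parts[7]) if len(parts) >= 8 and parts[6] == "eq" else None
        entries.append((action, proto, port))
    return entries

def evaluate(entries, proto, dport):
    """First matching entry decides; a flow matching nothing hits the implicit deny."""
    for action, entry_proto, port in entries:
        if entry_proto in ("ip", proto) and (port is None or port == dport):
            return action
    return "deny"

# Constructed sample flows (protocol, destination port) from an inside host.
SAMPLE_FLOWS = {
    "https": ("tcp", 443),
    "http": ("tcp", 80),
    "smtp": ("tcp", 25),
    "rdp": ("tcp", 3389),
    "bittorrent": ("tcp", 6881),
    "dns": ("udp", 53),
}

def decisions(acl_text=PIX_ACL):
    """Map each sample flow to the verdict the ACL gives it."""
    entries = parse_acl(acl_text)
    return {name: evaluate(entries, p, d) for name, (p, d) in SAMPLE_FLOWS.items()}

if __name__ == "__main__":
    for name, verdict in decisions().items():
        print(f"{name:10s} {verdict}")
```

Note that the "dns" flow comes back as deny: the posted list has no entry for UDP 53, so inside hosts would lose name resolution through this firewall until a line permitting DNS (and anything else they depend on) is added ahead of the implicit deny.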
