I've used an outbound statement because it's running an old config full of conduits and other outbound lists. So not that easy to change it to use access-lists. Anyway the above filter is not working. Have i done it correctly?
What i want to do is to stop the outside interface to be able to send tcp 80 out to that ip, so that users cant access the site. I couldnt change the outbound list on the inside interface because it's for outgoing_src not destinations.
What do you mean "also tried getting rid of the outbound statement on the inside interface", how do you expect it to work if you get rid of the outbound statement?
When your users browse to this web site, are they using the name or the actual IP address? If they're using a name, are you sure that name maps to this IP address specifically? What if they put http://126.96.36.199 in their browser, does that work correctly?
Can you enable syslogging and then try and go to that web site and send us the syslogs? Can you include the full PIX config (omit the password lines and change the public IP addresses)?
I can't apply the list on the inside interface because, there is an existing outbound list bound for that interface for outabound sources. This list is configured to permit certain ip's to be allow through to the outside. Without this list all ips will be able to go to the outside interface.
apply another outbound list to the inside interface. There can be more than one outbound group applied in one interface. If you need to permit few and deny many users, use "outbound 11 deny 0 0" and after that permit particular hosts. As you know, outbound lists are processed linearily and the most specific rule "wins".
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...