Cisco Support Community

CSA 5.1 issue

Folks,

We are in test mode and I find that the system is complaining that a host in our company tried to open a connection at 80 to a server in the company. Many of our applications are web based, so it is normal. What would be the best way to tune this event?

1 REPLY

Re: CSA 5.1 issue

What I've done is created an exception rule for a group, then added the servers into the group so that the exception only applies to the machines (servers) to allow port 80 connections.

You could make that exception rule part of a rule module that has a system state for IP address ranges internal to your network. In other words, the ALLOW over port 80 will only work on the servers you add to the group and ONLY if the incoming client has an IP address within your network.
