CSPM and ACL creation

SteveGodfrey
Level 1

I'm using CSPM 3.1 to manage a PIX 525.

I've built a fairly complex policy using CSPM and at the end I've got a rule that will block access from the inside to the internet on port 80. The next rule allows access from the inside to the internet on all ports.

I was expecting this to simply block port 80 as the block rule is first, but this doesn't happen. The hosts have full access on port 80 to the internet.

I need to disallow port 80 and allow all other ports.

CSPM doesn't build the ACLs as I would expect; any suggestions for getting around this problem?

Thanks

1 Reply

tvanginneken
Level 4

Hi,

The PIX processes the ACLs from top to bottom. So if your 'block rule' is before the 'allow rule', the traffic should be blocked.

But did you apply the ACL to the inside interface? You need the 'access-group' command for this:

access-group acl_name in interface inside

Kind Regards,

Tom
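To make the two points in Tom's reply concrete, here is an added example (not code from the thread, CSPM or Cisco) that parses a constructed PIX-style fragment and evaluates flows the way the PIX does: top to bottom, first match wins, and an access-list that is never bound with access-group has no effect, so inside-to-outside traffic falls through to the default permit for higher- to lower-security interfaces. The ACL name, interface name and addresses are assumptions chosen for the illustration.

```python
"""First-match evaluator for a PIX inside-interface ACL (added example, not Cisco code).

Parses a constructed config fragment with access-list lines (any / host A.B.C.D /
A.B.C.D MASK addresses, optional 'eq <port>') and the access-group binding.
"""
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

# Constructed config matching the poster's intent: block web, allow the rest,
# and (the step the reply asks about) bind the list inbound on 'inside'.
CONFIG_BOUND = """
access-list inside_acl deny tcp any any eq 80
access-list inside_acl permit ip any any
access-group inside_acl in interface inside
"""


def _addr(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'A.B.C.D MASK'."""
    if tokens[0] == "any":
        return ANY, tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network((tokens[0], tokens[1])), tokens[2:]


def parse(config):
    """Return ({acl_name: [rules]}, {interface: acl_name}) from the fragment."""
    acls, bindings = {}, {}
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["access-list"]:
            src, rest = _addr(tok[4:])
            dst, rest = _addr(rest)
            port = int(rest[1]) if rest[:1] == ["eq"] else None
            acls.setdefault(tok[1], []).append((tok[2], tok[3], src, dst, port))
        elif tok[:1] == ["access-group"] and tok[2] == "in":
            bindings[tok[4]] = tok[1]          # access-group NAME in interface IFACE
    return acls, bindings


def decide(config, interface, proto, src, dst, dport=None):
    """Verdict ('permit'/'deny') for a flow entering 'interface', e.g. inside -> internet."""
    acls, bindings = parse(config)
    if interface not in bindings:
        # No ACL applied: the PIX permits higher- to lower-security traffic by
        # default, which is exactly the behaviour the poster observed.
        return "permit"
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rproto, rsrc, rdst, rport in acls[bindings[interface]]:
        if rproto not in ("ip", proto) or src not in rsrc or dst not in rdst:
            continue
        if rport is not None and rport != dport:
            continue
        return action      # first match wins; later lines are not consulted
    return "deny"          # implicit deny at the end of every ACL
```

After applying the access-group, `show access-list inside_acl` on the PIX shows per-line hit counts, which is the quickest way to confirm the deny line is actually being consulted.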