I'm configuring a 515E and I want to deny all traffic from inside to internet except ports 80, 443, 25, 100 and 143. From default all traffic is allowed because inside interface has the higher security level, isn´t it? I know that I must use access-list, but I don´t know exactly how. Inside network is 10.112.11.0/24 and the internet router is 192.168.10.250 (PAT interface for outside is 192.168.10.1) Ports 25, 100 and 143 are opened by an Exchange Server in 10.112.11.180. I'm trying the following:
access-list ins_out permit tcp 10.112.11.180 any eq 25
access-list ins_out permit tcp 10.112.11.180 any eq 100
access-list ins_out permit tcp 10.112.11.180 any eq 143
access-list ins_out permit tcp 10.112.11.0 255.255.255.0 any eq 80
access-list ins_out permit tcp 10.112.11.0 255.255.255.0 any eq 443
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...