When you write "only in my inside", I understand you are talking about outbound traffic. In this case, you have the same security as having a NAT applied to any inside host that is able to communicate with anyone on any port. If you have NAT configured, your command is useless. In both cases (public addresses without NAT or private addresses with NAT), you should restrict your users to the ports you want them to use.
Also, you should restrict outbound traffic initiated by your internal servers. In most cases, those servers don't need to communicate with the outside.
Thanks, I feel better, but I have another question (the last, I hope). It isn't clear to me: when you said "Block all outgoing packets and limit the scope port numbers", can you give me an example, please? I use only 2 servers in the DMZ, one www server and one MS Exchange, and I configured only the next lines: