I have a couple of webservers residing in my DMZ, and they are serving pages to both the Public and Private Networks. The problem is that I cannot seem to initiate any session from the DMZ to either the public or private networks, i.e., I cannot initiate Telnet, FTP or HTTP from the DMZ to the Public or Private nets. I'm running a PIX 515 IOS 6.1.
I figured out that ACLs are required for traffic to be allowed out from the DMZ. Unlike the Trusted Network, where everything is allowed out, the DMZ does not behave this way. Here's what I did to allow the traffic out to the Public Net from the DMZ.
access-list dmzin permit tcp any any eq www
access-list dmzin permit tcp any any eq telnet
**As you may have figured out, DMZIN is my access group for my DMZ.
In these two examples I'm allowing both www and telnet outbound to the public net from the DMZ.
You may want to be a little (a LOT) more selective in what traffic you allow your DMZ to initiate. In fact, you may want to deny everything and simply let specific things out. If everyone did this, then Nimda and all those other nasty little worms would have been nothing more than a blip on the map. Also, if someone manually cracks your box, but you're blocking telnet/ftp/whatever outbound, he'll not be able to jump off of your box to attack others, saving you an embarrassing phone call, or worse, a spot on attrition.org.
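The selectivity recommended in the reply above can be checked mechanically. This is an added example, not code from the thread or from Cisco: a Python audit that parses PIX-style access-list lines and flags permit rules with an any source, an any destination, or no destination port. The sample config is constructed; its smtp and domain rules and the documentation-range addresses are hypothetical.

```python
PORT_OPS = {"eq": 1, "neq": 1, "lt": 1, "gt": 1, "range": 2}  # operator -> operand count

# Constructed sample: the thread's two rules, then hypothetical tighter ones.
SAMPLE_CONFIG = """\
access-list dmzin permit tcp any any eq www
access-list dmzin permit tcp any any eq telnet
access-list dmzin permit tcp host 192.0.2.10 host 198.51.100.25 eq smtp
access-list dmzin permit udp 192.0.2.0 255.255.255.0 host 198.51.100.53 eq domain
access-list dmzin deny ip any any
"""

def _take_addr(tok):
    head = tok.pop(0)  # 'any', 'host A.B.C.D' or 'A.B.C.D MASK'
    return head if head == "any" else head + " " + tok.pop(0)

def _take_port(tok):  # optional port match such as 'eq www' or 'range 20 21'
    n = PORT_OPS[tok[0]] + 1 if tok and tok[0] in PORT_OPS else 0
    spec = " ".join(tok[:n]) or None
    del tok[:n]
    return spec

def parse_ace(line):
    """Parse one access-list entry; return None for other or truncated lines."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        return None
    ace = {"line": line.strip(), "acl": tok[1], "action": tok[2], "proto": tok[3]}
    rest = tok[4:]
    try:
        ace["src"] = _take_addr(rest)
        _take_port(rest)  # optional source-port match, not used by the audit
        ace["dst"] = _take_addr(rest)
        ace["dport"] = _take_port(rest)
    except IndexError:
        return None
    return ace

def audit(config, acl):
    """Return [(rule, [reasons])] for permit rules in `acl` that are broad."""
    findings = []
    for ace in filter(None, map(parse_ace, config.splitlines())):
        if ace["acl"] != acl or ace["action"] != "permit":
            continue
        checks = {"any source": ace["src"] == "any",
                  "any destination": ace["dst"] == "any",
                  "no dst port": ace["proto"] in ("ip", "tcp", "udp") and not ace["dport"]}
        why = [msg for msg, hit in checks.items() if hit]
        if why:
            findings.append((ace["line"], why))
    return findings
```

Calling audit(SAMPLE_CONFIG, "dmzin") returns the two any-to-any rules from the thread and passes over the host-scoped rules and the explicit deny.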