PIX Configuration

admin_2
Level 3

I am configuring a PIX 515e. I want to deny all outgoing traffic except the ports I allow. I was trying to configure a service group to use inside of PDM for web traffic. I add http and https but the rule does not work.

I can deny all traffic, but trying to allow it without using all TCP traffic does not work.

Is there a list of what the services convert to and which are needed to do simple transactions (i.e., browse the web and send and receive email)?

3 Replies

j.hato
Level 1

Hi,

Here is the sample config:

object-group service InternetTCP tcp
  port-object eq http
  port-object eq https
  port-object eq domain
access-list acl_out permit tcp host 10.5.70.25 any object-group InternetTCP
access-group acl_out in interface inside

Make sure the inside can connect to outside before you apply the access-group.

HATO

Not applicable

Thank you for the info but once I apply the access group to the interface I lose the ability to browse.

Any ideas?

Hi,

Try to log everything,

PIX(config)# logging timestamp
PIX(config)# logging buffer debugging
PIX(config)# logging on
PIX(config)# show log

Please check the log and make sure your TCP traffic doesn't get blocked. When it is blocked, try to add the tcp/udp ports to the service-group.

HATO
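
One way to work through the `show log` output suggested above, as an added example that is not part of the original thread: it tallies the flows denied by `acl_out` so the missing protocol/port pairs stand out. It assumes the PIX deny-by-ACL syslog message 106023; the log lines are constructed samples, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample of "show log" output. Only 10.5.70.25 and acl_out come
# from the thread; all other addresses are documentation ranges.
SAMPLE_LOG = """\
Mar 01 2004 10:15:01: %PIX-4-106023: Deny udp src inside:10.5.70.25/1035 dst outside:198.51.100.53/53 by access-group "acl_out"
Mar 01 2004 10:15:03: %PIX-4-106023: Deny udp src inside:10.5.70.25/1036 dst outside:198.51.100.53/53 by access-group "acl_out"
Mar 01 2004 10:15:09: %PIX-6-302013: Built outbound TCP connection 12 for outside:203.0.113.10/80 (203.0.113.10/80) to inside:10.5.70.25/1040 (192.0.2.5/1040)
Mar 01 2004 10:16:20: %PIX-4-106023: Deny tcp src inside:10.5.70.25/1041 dst outside:203.0.113.25/25 by access-group "acl_out"
Mar 01 2004 10:16:40: %PIX-4-106023: Deny tcp src inside:10.5.70.30/1100 dst outside:203.0.113.10/80 by access-group "acl_out"
"""

# TCP/UDP form of message 106023 (ICMP denies carry type/code and are skipped).
DENY_RE = re.compile(
    r'%PIX-4-106023: Deny (?P<proto>\w+) '
    r'src (?P<sif>[^:\s]+):(?P<src>[\d.]+)/(?P<sport>\d+) '
    r'dst (?P<dif>[^:\s]+):(?P<dst>[\d.]+)/(?P<dport>\d+) '
    r'by access-group "(?P<acl>[^"]+)"'
)


def summarize_denies(log_text, acl="acl_out"):
    """Count denied flows per (protocol, destination port, source host)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if m and m["acl"] == acl:
            hits[(m["proto"], int(m["dport"]), m["src"])] += 1
    return hits


def report(hits):
    """Render the tally, most frequently denied flow first."""
    return [f"{n:3d}x {proto}/{dport} from {src}"
            for (proto, dport, src), n in hits.most_common()]


if __name__ == "__main__":
    print("\n".join(report(summarize_denies(SAMPLE_LOG))))
```

In this constructed sample the top entry is UDP port 53: DNS lookups normally use UDP, while the posted service group is TCP-only. The last entry shows a second inside host that the single `host 10.5.70.25` ACL line does not cover.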
