On a PIX firewall the first rule states that any host can go to any destination on the inside interface. Does this rule allow any traffic from the network to get outside the firewall? The reason that I ask is I've been told that we need to block traffic going out as well as traffic coming in. Our PIXs are set up (I believe) to let anything go out but curtail anything coming in. Is it suggested to control what's going out as well?
just to clarify, you have a rule applied on inside interface stating "permit any any", if so, this applies to traffic going outside.
yes it is advisable to control your outbound traffic, due to the fact that an inside host can be compromised and start blasting traffic towards internet, hence choking your internet link, or an inside host is compromised and becomes a source of an attack.
pix by default will permit any traffic originated from higher security level to lower security level, such as from inside to outside or dmz to outside; providing nat/global or static has been configured.
so i believe the pixes you've got are configured to permit all outbound traffic.
further, i guess whether to permit or restrict outbound traffic is based on the security policy.
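The configuration below is an added example, not part of the original posts: it shows the "permit any any" rule from the question next to an inside-interface ACL that only lets policy-approved traffic leave. The ACL name, the 192.168.1.0/24 inside network, the 192.168.1.10 mail relay and the list of allowed services are all assumptions, written in PIX 6.3-style syntax.

```cisco
! Constructed example. Assumed values: inside network 192.168.1.0/24,
! internal mail relay 192.168.1.10, ACL name inside_access_in.

! Before: the rule described in the question. Every inside host may
! open any connection to any destination.
! access-list inside_access_in permit ip any any
! access-group inside_access_in in interface inside

! After: permit only the outbound services the security policy calls for.
! Web browsing from the inside network
access-list inside_access_in permit tcp 192.168.1.0 255.255.255.0 any eq www
access-list inside_access_in permit tcp 192.168.1.0 255.255.255.0 any eq 443
! DNS lookups from the inside network
access-list inside_access_in permit udp 192.168.1.0 255.255.255.0 any eq domain
! Outbound mail only from the mail relay, so a compromised workstation
! cannot send SMTP directly to the internet
access-list inside_access_in permit tcp host 192.168.1.10 any eq smtp
! The ACL already ends in an implicit deny; the explicit entry with "log"
! makes blocked outbound attempts visible in syslog
access-list inside_access_in deny ip any any log

! Once an ACL is bound to the inside interface, the default
! "higher security level to lower" permit no longer applies:
! only traffic matched by a permit entry leaves.
access-group inside_access_in in interface inside
```

NAT (nat/global or static) still has to be configured for the permitted traffic, as noted in the reply above.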