Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Understanding implicit outbound rule.

On a PIX firewall the first rule states that any host can go to any destination on the inside interface. Does this rule allow any traffic from the network to get outside the firewall? The reason that I ask is I've been told that we need to block traffic going out as well as traffic coming in. Our PIXs are set up (I believe) to let anything go out but curtail anything comming in. Is it suggested to control what's going out as well?


Re: Understanding implicit outbound rule.

just to clarify, you have a rule applied on inside interface stating "permit any any", if so, this applies to traffic going outside.

yes it is adviasble to control your outbound traffic, due to the fact that an inside host can be compromised and start blasting traffic towards internet, hence choking your internet link, or an inside host is compromised and becomes a source of an attack.


Re: Understanding implicit outbound rule.

pix by default will permit any traffic originated from higher security level to lower security level, such as from inside to outside or dmz to outside; providing nat/global or static has been configured.

so i believe the pixes you've got are configured to permit all outbound traffic.

further, i guess whether to permit or restrict outbound traffic is based on the security policy.

CreatePlease to create content