12-07-2005 10:05 AM - edited 03-09-2019 01:17 PM
On a PIX firewall the first rule states that any host can go to any destination on the inside interface. Does this rule allow any traffic from the network to get outside the firewall? The reason that I ask is I've been told that we need to block traffic going out as well as traffic coming in. Our PIXs are set up (I believe) to let anything go out but curtail anything coming in. Is it suggested to control what's going out as well?
12-07-2005 01:22 PM
Just to clarify, you have a rule applied on the inside interface stating "permit any any"; if so, this applies to traffic going outside.
Yes, it is advisable to control your outbound traffic, due to the fact that an inside host can be compromised and start blasting traffic towards the internet, hence choking your internet link, or an inside host is compromised and becomes a source of an attack.
12-07-2005 03:49 PM
PIX by default will permit any traffic originated from a higher security level to a lower security level, such as from inside to outside or DMZ to outside, providing nat/global or static has been configured.
So I believe the PIXes you've got are configured to permit all outbound traffic.
Further, I guess whether to permit or restrict outbound traffic is based on the security policy.
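To illustrate the two answers above, here is an added PIX 6.x configuration example (not posted by anyone in this thread) showing the permissive "permit any any" rule on the inside interface beside a restricted outbound policy. The interface names (inside/outside), the 192.168.1.0/24 inside network, the mail server address 192.168.1.10 and the ACL names are constructed for the example; substitute your own.

```cisco
! --- Baseline: what the original poster describes ---
! nat/global lets inside hosts be translated; with no ACL applied to
! the inside interface, the security-level default (high -> low) already
! permits everything outbound. An explicit "permit ip any any" on the
! inside interface has the same effect: all outbound traffic is allowed.
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
access-list inside_in permit ip any any
access-group inside_in in interface inside

! --- Restricted outbound policy (replaces the permissive ACL) ---
! Once an ACL is bound to the inside interface, its implicit "deny any"
! overrides the security-level default, so only listed traffic leaves.
no access-group inside_in in interface inside
no access-list inside_in

! Only the mail relay (constructed address) may send SMTP directly.
access-list outbound permit tcp host 192.168.1.10 any eq smtp
! Workstations: web and DNS only.
access-list outbound permit tcp 192.168.1.0 255.255.255.0 any eq www
access-list outbound permit tcp 192.168.1.0 255.255.255.0 any eq 443
access-list outbound permit udp 192.168.1.0 255.255.255.0 any eq domain
! Log everything else so a compromised host "blasting traffic" shows up
! in syslog instead of silently consuming the internet link.
access-list outbound deny ip any any log
access-group outbound in interface inside

! Send the deny logs somewhere they will be reviewed (constructed host).
logging on
logging trap informational
logging host inside 192.168.1.20
```

The key check after applying the policy is `show access-list outbound`: hit counts on the final `deny ip any any log` line, and the matching syslog entries, are the quickest way to spot an inside host trying to reach services the policy does not allow.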