I'm looking to lock down our outbound internet access list. Our previous admin set up the outbound list on the firewalls with an ip any any rule, and now we have to lock it down. Other than asking people what ports they need open to what IPs, how do you guys recommend going through and getting a list of ports I need open? I have all the syslogs and I've been going through them manually gathering ports... but it seems like such a tedious, unreliable task, since I know I'll miss a lot.
The only way to really know is to get everyone together and find out what apps run on what ports. Then create object groups and add the ports as you need them. In the object group you just add the ports and it does nothing to the ACL you apply; it just adds the additional ports to the ACL via the object group.
Create a temporary grouping of ports you know are in use.
You can get a sniff of traffic using ethereal or something like that which is free and just capture some traffic and parse through it.
Then add in what you believe you need.
One way to find out if a port is needed is to put up an ACL and find out who yells. Not always easy, but a guaranteed way to find what you need.
If you do this I would check to see if ASAs can do object groups. When creating an object group and you need to make changes, you affect the object group only and it changes the ACL for you. When adding new ports it is very easy, and removing them is just as easy.
Might want to set up NBAR protocol discovery to see what is running now. That will make the analysis easier at least, even if you have to stick an NBAR-enabled router in the link as a temporary measure. Search CCO for NBAR and you should find info.
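The question asks how to turn a pile of syslog into a port list without reading it by hand, and two replies suggest object groups on the ASA. The script below is an added example, not code from anyone in this thread: it parses constructed sample lines in the style of the ASA "Built outbound TCP/UDP connection" messages, tallies each destination port together with how many internal hosts used it, and emits object-group service definitions for the ports seen often enough to trust, listing the rare ones for manual review. The log format, the interface names and the count threshold are assumptions for the example, not values from the original thread.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from the original thread) in the style of ASA
# "Built outbound ... connection" messages. Field layout assumed for outbound builds:
# destination interface:ip/port first, then "to <source interface>:<source ip>/<port>".
SAMPLE_SYSLOG = """\
%ASA-6-302013: Built outbound TCP connection 1001 for outside:203.0.113.10/443 (203.0.113.10/443) to inside:10.1.1.5/51234 (198.51.100.2/51234)
%ASA-6-302013: Built outbound TCP connection 1002 for outside:203.0.113.10/443 (203.0.113.10/443) to inside:10.1.1.6/51235 (198.51.100.2/51235)
%ASA-6-302015: Built outbound UDP connection 1003 for outside:192.0.2.53/53 (192.0.2.53/53) to inside:10.1.1.5/40000 (198.51.100.2/40000)
%ASA-6-302013: Built outbound TCP connection 1004 for outside:203.0.113.20/80 (203.0.113.20/80) to inside:10.1.1.7/51236 (198.51.100.2/51236)
%ASA-6-302013: Built outbound TCP connection 1005 for outside:203.0.113.30/8443 (203.0.113.30/8443) to inside:10.1.1.5/51237 (198.51.100.2/51237)
%ASA-6-302013: Built outbound TCP connection 1006 for outside:203.0.113.10/443 (203.0.113.10/443) to inside:10.1.1.7/51238 (198.51.100.2/51238)
"""

CONN_RE = re.compile(
    r"Built outbound (?P<proto>TCP|UDP) connection \d+ for "
    r"(?P<dst_if>\w+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) \S+ to "
    r"(?P<src_if>\w+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+)"
)


def parse_line(line):
    """Return the connection fields as a dict, or None for lines that are not outbound builds."""
    m = CONN_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["proto"] = rec["proto"].lower()
    rec["dst_port"] = int(rec["dst_port"])
    rec["src_port"] = int(rec["src_port"])
    return rec


def summarize(syslog_text):
    """Aggregate outbound connections by (protocol, destination port).

    Returns {(proto, dport): {"count": n, "dst_ips": set, "src_ips": set}} so you can see
    how many internal hosts depend on a port before deciding whether it belongs in the ACL.
    """
    summary = defaultdict(lambda: {"count": 0, "dst_ips": set(), "src_ips": set()})
    for line in syslog_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        entry = summary[(rec["proto"], rec["dst_port"])]
        entry["count"] += 1
        entry["dst_ips"].add(rec["dst_ip"])
        entry["src_ips"].add(rec["src_ip"])
    return dict(summary)


def render_object_groups(summary, prefix="OUTBOUND", min_count=1):
    """Emit one ASA 'object-group service' per protocol for ports seen at least min_count
    times. Ports below the threshold go into a '!' review line instead of the group, which is
    the 'put up the ACL and see who yells' step from the thread, done deliberately."""
    lines = []
    for proto in ("tcp", "udp"):
        ports = sorted(p for (pr, p), e in summary.items() if pr == proto and e["count"] >= min_count)
        rare = sorted(p for (pr, p), e in summary.items() if pr == proto and e["count"] < min_count)
        if not ports and not rare:
            continue
        lines.append(f"object-group service {prefix}-{proto.upper()} {proto}")
        for p in ports:
            lines.append(f" port-object eq {p}")
        if rare:
            lines.append(f"! review before adding ({proto}, seen fewer than {min_count} times): {rare}")
    return lines


if __name__ == "__main__":
    s = summarize(SAMPLE_SYSLOG)
    for (proto, port), e in sorted(s.items()):
        print(f"{proto}/{port}: {e['count']} connections, "
              f"{len(e['src_ips'])} source hosts, {len(e['dst_ips'])} destinations")
    print("\n".join(render_object_groups(s, min_count=2)))
```

Run it against a real export by replacing SAMPLE_SYSLOG with the file contents; the per-port source-host count is the useful signal, since a port used by one host once is a candidate for the "who yells" list while a port used by most of the subnet clearly needs an entry. Adjust CONN_RE if your platform logs a different message format.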