Link to home
Create AccountLog in
Avatar of entserv

asked on

Outgoing access rule

Need advice on how to best setup outgoing access from a DMZ when restricting certain ports.  By default I understand that the implicit rule is to allow all traffic to any less secure networks.  As soon as I add any rule in there that is more restrictive the implict rule goes away.  I understand that concept.  Where I'm struggling with is that I want my DMZ servers to be able to have certain access out - such as http, ftp, smtp - but nothing else.  I don't want to do 'any, any' because then access to  the Inside network would be available.  I tried to addres the Outside network - but that didn't work either.  I also tried - via ASDM - to put in 'any less secure networks' - but it wouldn't allow.  How do I best accomplish this?  I'm just a little wary of allowing full access outbound to the internet from the DMZ like the implicit rule specifies - or is that always the way it's done?
Avatar of grblades
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of entserv


Haha yikes - that makes too much sense!  I wasn't sure if there was 'proper' way to do it and this seems to be it.  Coming from another firewall vendor's world it's taking a bit to get used to how Cisco does things.  Thank you so much!!
Forced accept.

EE Admin