<div>
Well, you dont need to deny anything as soon as you allow things then everythign else is blocked so<br />
access-list outbound permit tcp any any eq http<br />
access-list outbound permit tcp any any eq https<br />
access-list outbound permit tcp any any eq 8080<br />
access-list outbound permit tcp any any eq 5001<br />
access-group outbound in interface inside <br />
&nbsp;Will only let Ports 80, 8080, 5001 and 443 out and block everything else<br />

</div>


Well, you dont need to deny anything as soon as you allow things then everythign else is blocked so
access-list outbound permit tcp any any eq http
access-list outbound permit tcp any any eq https
access-list outbound permit tcp any any eq 8080
access-list outbound permit tcp any any eq 5001
access-group outbound in interface inside
 Will only let Ports 80, 8080, 5001 and 443 out and block everything else


<div>
peteLong &nbsp;has provided correct ans for this
</div>


peteLong  has provided correct ans for this

<div>
The Pix assumes that all traffic originating from the inside is safe and therefore allows all outbound connections on any port, by default. <br />
I think this is a huge security hole and poor design for Cisco or any firewall!<br />
<br />
So, if you define an access-list on the inside interface, as described above, you will effectively limit outbound traffic to only traffic defined in the access-list.<br />
<br />
<br />
Donnie <br />

</div>


The Pix assumes that all traffic originating from the inside is safe and therefore allows all outbound connections on any port, by default.
I think this is a huge security hole and poor design for Cisco or any firewall!

So, if you define an access-list on the inside interface, as described above, you will effectively limit outbound traffic to only traffic defined in the access-list.


Donnie


<div>
<div class="content wysiwyg-content">
I want to block all outbound ports, then open only ports I need like 80, 8080, 5001, 443 and so on.
</div>
</div>


I want to block all outbound ports, then open only ports I need like 80, 8080, 5001, 443 and so on.

Pix 501 block all outbound ports

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Cisco

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.