hpmservices
asked on
Pix 501 block all outbound ports
I want to block all outbound ports, then open only ports I need like 80, 8080, 5001, 443 and so on.
ASKER CERTIFIED SOLUTION
peteLong has provided the correct answer for this.
The Pix assumes that all traffic originating from the inside is safe and therefore allows all outbound connections on any port, by default.
I think this is a huge security hole and poor design for Cisco or any firewall!
So, if you define an access-list on the inside interface, as described above, you will effectively limit outbound traffic to only traffic defined in the access-list.
Donnie
access-list outbound permit tcp any any eq http
access-list outbound permit tcp any any eq https
access-list outbound permit tcp any any eq 8080
access-list outbound permit tcp any any eq 5001
access-group outbound in interface inside
This will only let ports 80, 8080, 5001 and 443 out and block everything else.
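To see exactly what that access-list does once it is bound to the inside interface, here is a small first-match evaluator, written for this page as an added example (it is not code from the thread or from Cisco). It parses the four access-list lines above into a simplified model (only "any" and "host" addresses, only "eq" port matches, no masks or ranges), applies them in order, and falls through to the implicit deny that ends every PIX access-list. The sample flows are constructed; they show that tcp/80, 443, 8080 and 5001 pass while anything not listed, including udp/53, is dropped, so inside hosts that resolve DNS themselves would need an extra permit line.

```python
"""First-match simulation of a PIX outbound access-list (added example, not from the thread)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# The four lines posted in the answer above, applied inbound on the inside interface.
PAGE_ACL = """
access-list outbound permit tcp any any eq http
access-list outbound permit tcp any any eq https
access-list outbound permit tcp any any eq 8080
access-list outbound permit tcp any any eq 5001
"""

# Subset of the port keywords PIX accepts in place of numbers (constructed table).
NAMED_PORTS = {"http": 80, "https": 443, "domain": 53, "smtp": 25, "ssh": 22, "ftp": 21}


@dataclass
class AclEntry:
    name: str
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp" or "ip" (ip matches any protocol)
    src: str               # "any" or a single host address
    dst: str               # "any" or a single host address
    dport: Optional[int]   # None when the line has no "eq" clause


def parse_port(tok: str) -> int:
    """Accept a numeric port or one of the PIX port keywords."""
    return int(tok) if tok.isdigit() else NAMED_PORTS[tok]


def parse_addr(tokens: List[str], i: int) -> Tuple[str, int]:
    """Read an address spec at tokens[i]; returns (address, next index)."""
    if tokens[i] == "any":
        return "any", i + 1
    if tokens[i] == "host":
        return tokens[i + 1], i + 2
    raise ValueError(f"unsupported address spec: {tokens[i]!r}")


def parse_acl(config: str) -> List[AclEntry]:
    """Turn access-list lines into entries, preserving the order they were typed."""
    entries = []
    for raw in config.splitlines():
        tokens = raw.split()
        if len(tokens) < 6 or tokens[0] != "access-list":
            continue  # skip blank lines and anything that is not an ACL line
        name, action, proto = tokens[1], tokens[2], tokens[3]
        src, i = parse_addr(tokens, 4)
        dst, i = parse_addr(tokens, i)
        dport = None
        if i < len(tokens) and tokens[i] == "eq":
            dport = parse_port(tokens[i + 1])
        entries.append(AclEntry(name, action, proto, src, dst, dport))
    return entries


def evaluate(entries: List[AclEntry], proto: str, src: str, dst: str, dport: int) -> str:
    """First matching entry decides; no match means the implicit deny applies."""
    for e in entries:
        if e.proto != "ip" and e.proto != proto:
            continue
        if e.src != "any" and e.src != src:
            continue
        if e.dst != "any" and e.dst != dst:
            continue
        if e.dport is not None and e.dport != dport:
            continue
        return e.action
    return "deny"  # implicit deny at the end of every PIX access-list


def outbound_verdicts() -> Dict[str, str]:
    """Run constructed sample flows from an inside host through the page's ACL."""
    acl = parse_acl(PAGE_ACL)
    flows = {
        "tcp/80":   ("tcp", "192.168.1.10", "203.0.113.5", 80),
        "tcp/443":  ("tcp", "192.168.1.10", "203.0.113.5", 443),
        "tcp/8080": ("tcp", "192.168.1.10", "203.0.113.5", 8080),
        "tcp/5001": ("tcp", "192.168.1.10", "203.0.113.5", 5001),
        "tcp/25":   ("tcp", "192.168.1.10", "203.0.113.5", 25),
        "udp/53":   ("udp", "192.168.1.10", "203.0.113.53", 53),   # DNS: not permitted by this list
    }
    return {label: evaluate(acl, *flow) for label, flow in flows.items()}


if __name__ == "__main__":
    for label, verdict in outbound_verdicts().items():
        print(f"{label:9} -> {verdict}")
```

The udp/53 row is the one to watch: with only these four lines, name resolution from inside hosts is denied along with everything else, so either add a permit for the DNS servers the hosts actually use or confirm that resolution is handled by a relay that is itself permitted.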