
Pix 515 ACL Question

ejaramillo asked on
Experts,

I'm installing a content filter that will sit behind a PIX firewall in proxy mode. What I plan on doing on the PIX is to only allow port 80 and 443 traffic from the content filter outbound and deny all other port 80 and 443 traffic. This way, if they remove the proxy setting in their browser, they will not be able to bypass the filter.

I need help with the ACL. Would something like this work:

access-list inside_out extended permit tcp host 192.168.1.1 any eq 80
access-list inside_out extended permit tcp host 192.168.1.1 any eq 443
access-list inside_out extended deny tcp 191.168.1.0 255.255.255.0  any eq 80
access-list inside_out extended deny tcp 191.168.1.0 255.255.255.0  any eq 443
access-list inside_out extended permit ip any any

access-group inside_out in interface inside

Would this work???


Thank you in advance for your help!
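
An added example, not part of the original post: a small first-match evaluator for the ACL syntax posted above, run over constructed flows to show which entry decides each one. The client address 192.168.1.50, the destination 203.0.113.10 and the variant whose deny entries use 192.168.1.0 are assumptions made for illustration.

```python
import ipaddress

# ACL exactly as posted in the question.
POSTED_ACL = """\
access-list inside_out extended permit tcp host 192.168.1.1 any eq 80
access-list inside_out extended permit tcp host 192.168.1.1 any eq 443
access-list inside_out extended deny tcp 191.168.1.0 255.255.255.0  any eq 80
access-list inside_out extended deny tcp 191.168.1.0 255.255.255.0  any eq 443
access-list inside_out extended permit ip any any
"""
# Assumed variant: deny entries cover the /24 that the filter host 192.168.1.1 sits in.
SAME_SUBNET_ACL = POSTED_ACL.replace("191.168.1.0", "192.168.1.0")

def _take_addr(tokens):
    """Consume 'any', 'host A' or 'NET MASK' and return an ip_network."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def parse_acl(text):
    """Parse the subset of 'access-list NAME extended ...' syntax used above."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:1] != ["access-list"]:
            continue
        tokens = tokens[3:]  # drop 'access-list NAME extended'
        action, proto = tokens.pop(0), tokens.pop(0)
        src, dst = _take_addr(tokens), _take_addr(tokens)
        port = int(tokens[1]) if tokens[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(rules, proto, src, dst, dport):
    """First matching entry wins; if nothing matches, the implicit deny applies."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto in ("ip", proto) and s in r_src and d in r_dst and r_port in (None, dport):
            return action
    return "deny"

if __name__ == "__main__":
    # Constructed flows: the filter host, then an assumed client on web and non-web ports.
    for name, acl in (("posted", POSTED_ACL), ("same /24", SAME_SUBNET_ACL)):
        for src, port in (("192.168.1.1", 80), ("192.168.1.50", 80), ("192.168.1.50", 25)):
            print(name, src, port, evaluate(parse_acl(acl), "tcp", src, "203.0.113.10", port))
```
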
ASKER CERTIFIED SOLUTION
RustyZ32