?
Solved

Port Configurations on Pix 506e

Posted on 2010-08-26
3
Medium Priority
?
336 Views
Last Modified: 2012-06-27
Does anyone have any sample code that would allow me to block all ports except 80 8080 and a few others from internal users while allowing allowing My Exchange server to be the only computer on the inside to use smtp port? Thanks for any help in advance.
0
Comment
Question by:JustAnotherGeek
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 10

Expert Comment

by:qbakies
ID: 33533133
So you want to block 80, 8080, and SMTP traffic leaving your network or coming into your network?
0
 
LVL 10

Accepted Solution

by:
qbakies earned 1000 total points
ID: 33533419
From re-reading your question it sounds like you want to block traffic leaving your network so this will do that.  If you want it the other way around or have additional questions please ask.

Assuming your LAN is 192.168.1.0/24 and your Exchange IP is 192.168.1.100:

access-list block_traffic_out permit ip 192.168.1.0 0.0.0.0 any eq 80 <- allows traffic from entire subnet out on port 80
access-list block_traffic_out permit ip 192.168.1.0 0.0.0.0 any eq 8080 <- allows traffic from entire subnet out on port 8080
access-list block_traffic_out permit ip host 192.168.1.100 any eq 25 <- allows traffic from Exchange out on port 25
access-list block_traffic_out deny ip 192.168.1.0 0.0.0.0 any <- denies all other traffic out of your network

Apply this access-list to your inside interface:

access-group block_traffic_out in interface inside

Since ACLs are processed from the top down you will need to add additional entries to the ACL in the order you want them processed.  You should note, however, that this is an extremely rigid ACL that will kill all traffic leaving your network except if specified.
0
 

Author Comment

by:JustAnotherGeek
ID: 33534122
Hey Thanks qbakies.... That is what I am looking for. I want to allow them to access the internet using 80 and 8080 and a couple of other ports. One of the main reasons that I want to block the rest along with 25 is I inherited a Trojan that was spamming was put on several blacklist twice...I want to make sure that on port 25 traffic only leaves the exchange server... Thanks for your help.
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On Feb. 28, Amazon’s Simple Storage Service (S3) went down after an employee issued the wrong command during a debugging exercise. Among those affected were big names like Netflix, Spotify and Expedia.
There’s a movement in Information Technology (IT), and while it’s hard to define, it is gaining momentum. Some call it “stream-lined IT;” others call it “thin-model IT.”
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question