Solved

Port Configurations on Pix 506e

Posted on 2010-08-26
Last Modified: 2012-06-27
Does anyone have any sample code that would allow me to block all ports except 80, 8080 and a few others from internal users, while allowing my Exchange server to be the only computer on the inside to use the SMTP port? Thanks for any help in advance.
Question by:JustAnotherGeek

Expert Comment

by:qbakies
ID: 33533133
So you want to block 80, 8080, and SMTP traffic leaving your network or coming into your network?

Accepted Solution

by:
qbakies earned 1000 total points
ID: 33533419
From re-reading your question, it sounds like you want to block traffic leaving your network, so this will do that. If you want it the other way around or have additional questions, please ask.

Assuming your LAN is 192.168.1.0/24 and your Exchange IP is 192.168.1.100:

: allows traffic from entire subnet out on port 80
access-list block_traffic_out permit tcp 192.168.1.0 255.255.255.0 any eq 80
: allows traffic from entire subnet out on port 8080
access-list block_traffic_out permit tcp 192.168.1.0 255.255.255.0 any eq 8080
: allows traffic from Exchange out on port 25
access-list block_traffic_out permit tcp host 192.168.1.100 any eq 25
: denies all other traffic out of your network
access-list block_traffic_out deny ip 192.168.1.0 255.255.255.0 any

Apply this access-list to your inside interface:

access-group block_traffic_out in interface inside

Since ACLs are processed from the top down you will need to add additional entries to the ACL in the order you want them processed.  You should note, however, that this is an extremely rigid ACL that will kill all traffic leaving your network except if specified.

Author Comment

by:JustAnotherGeek
ID: 33534122
Hey, thanks qbakies... That is what I am looking for. I want to allow them to access the internet using 80 and 8080 and a couple of other ports. One of the main reasons that I want to block the rest along with 25 is I inherited a Trojan that was spamming and was put on several blacklists twice... I want to make sure that on port 25 traffic only leaves the Exchange server... Thanks for your help.