<div>
You can use ASDM with logging enabled to see connections in real time
</div>


You can use ASDM with logging enabled to see connections in real time

<div>
Do you only need to lock down outside-in connections? Or do they also want you to limit outgoing traffic?
</div>


Do you only need to lock down outside-in connections? Or do they also want you to limit outgoing traffic?

<div>
Lock down outside-in connections.
</div>


<div>
Well I guess i&quot;m goign to have to keep the real time connection log going for a while, and just note the connections through out the day.<br />
<br />
Its a pretty big network. The sources could be coming from many different /24, to many different services/ports.<br />
<br />
Just suprised there's not a better way to do it.
</div>


Well I guess i"m goign to have to keep the real time connection log going for a while, and just note the connections through out the day.

Its a pretty big network. The sources could be coming from many different /24, to many different services/ports.

Just suprised there's not a better way to do it.

<div>
<div class="content wysiwyg-content">
At the moment there are some new cisco ASA's in a network that at the end of the every ACL have a permit, &quot;any any&quot; so nothing gets blocked.<br />
<br />
I am now tasked with locking it down. Is there a way I can see what connections have been used, to what IP, port, etc so I can create rules off those?<br />
<br />
This is a production network, so I can't just lock it down, then try to figure out what to open back up.
</div>
</div>


At the moment there are some new cisco ASA's in a network that at the end of the every ACL have a permit, "any any" so nothing gets blocked.

I am now tasked with locking it down. Is there a way I can see what connections have been used, to what IP, port, etc so I can create rules off those?

This is a production network, so I can't just lock it down, then try to figure out what to open back up.

How to figure out what ACL rules to add to wide open ASA

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Cisco

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.

Hardware Firewalls

Networking software modules are interfaced with a framework implemented on the machine's operating system that implements the networking functionality of the operating system. The best known frameworks are the TCP/IP model and the OSI model. Systems typically do not use a single protocol to handle a transmission. Instead they use a set of cooperating protocols, sometimes called a protocol family or protocol suite.[9] Some of the best known protocol suites include: IPX/SPX, X.25, AX.25, AppleTalk and TCP/IP. Other protocols indirectly related to networking include the hypertext transfer protocol (HTTP) and its related technologies, Dynamic Host Configuration Protocol (DHCP), Domain Name Server (DNS) and other Internet protocols.