<div>
I recommend outbound ACL. Permit that which you specifically want to allow, and everything else gets blocked.<br />
<br />
In your case, a user could initiate a connection to those untrusted IPs and it wouldn't be blocked.<br />
<br />
My default policy is to allow users to use FTP, HTTP, and HTTPS on the standard ports. Thats it. No DNS, smtp, POP3, ssh, telnet, http over tcp/8080, etc. If something else is required, it gets added to the ACL, but it isn't permitted by default. &nbsp;I also block traffic to all foreign IP addresses. <br />
<br />
Obviously your DCs need to be able to make queries to other DNS servers, and you need access to and/or for mail servers.<br />
<br />
You could put in the other rules first, and then log your general permit rule, so you can see what other traffic is also being passed, and then make a determination if you want to allow or block.
</div>


<div>
<div class="content wysiwyg-content">
Hello All, today I wanted to block traffic from a couple of untrusted IPs on my ASA firewall, which I did by creating an inbound ACL applied to my external interface. The ACL specifies to block any inbound IP traffic from these addresses to any of my networks.<br />
Would it be an overkill to create an outbound ACL applied to my inside interface that specifies to block all traffic from my LAN to any of those IPs?<br />
One of the ACLs that I have notice in my configuration is an implied one applied to my inside interface that permits all traffic from my LAN to less trusted networks, I believe this ACL is a default one. Would I be overwriting this ACL if I apply this ACL?
</div>
</div>


Hello All, today I wanted to block traffic from a couple of untrusted IPs on my ASA firewall, which I did by creating an inbound ACL applied to my external interface. The ACL specifies to block any inbound IP traffic from these addresses to any of my networks.
Would it be an overkill to create an outbound ACL applied to my inside interface that specifies to block all traffic from my LAN to any of those IPs?
One of the ACLs that I have notice in my configuration is an implied one applied to my inside interface that permits all traffic from my LAN to less trusted networks, I believe this ACL is a default one. Would I be overwriting this ACL if I apply this ACL?

Would an outbound ACL be an overkill?

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.

Hardware Firewalls

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Cisco

Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.