Where I have worked in the past a web proxy was used for internet access so we actually didn't have a default route within our network. The benefits however -

1) you stop any mischievous/malicious users inside doing things for which your company is ultimately responsible
2) you can stop automated software/virus getting back out of the firewall
3) you can as a side effect stop any non-routable internet addresses leaking out of the company

2) & 3) in particular can actually be stopped by not having a default route in your network pointing to the firewall but it really depends on what you need internet access for. Personally at the companies I have worked access is always tied down outbound from the internal network as well as inbound but I appreciate a lot don't do it.

I have searched for the best practices on setting up the 5505 and have found that very few admins go beyond the out_access_in ACLs. Would it be overkill to also include ACLs for the INSIDE_access_out as well? This is a single system behind the 5505. I would like to know the general consensus.

```
nat (inside,INTERNET) static interface service tcp https https
access-group INTERNET_access_in in interface INTERNET
nat (inside,INTERNET) static interface service tcp 6129 6129
nat (inside,INTERNET) static interface service tcp ssh 2222
```

The 8.3 ACL configuration:

```
access-list INTERNET_access_in remark HTTPS Rule
access-list INTERNET_access_in extended permit tcp object WORK object 192-168-30-30_Host eq https
access-list INTERNET_access_in remark DameWare Rule
access-list INTERNET_access_in extended permit tcp object WORK object 192-168-30-30_Host eq 6129
access-list INTERNET_access_in remark Fwd_SSH
access-list INTERNET_access_in extended permit tcp object WORK object 192-168-30-30_Host eq 2222
```

The situation is one box with ssh, https, and dameware. Do you think it's overkill to secure a single system down beyond the basic outside_access_in ACLs?
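An added example, not part of the original thread and not Cisco tooling: a small Python check that reads ASA configuration text and reports whether the real-side interface of each NAT rule has an inbound access-group, which is where outbound restrictions for the inside host would be bound. The ACL name `inside_access_in`, its single permitted service, and the assumption that `inside` carries the higher security level are illustrative.

```python
import re

# Constructed sample: ASA 8.3 lines quoted in the thread, keywords lowercased.
THREAD_CONFIG = """\
access-list INTERNET_access_in extended permit tcp object WORK object 192-168-30-30_Host eq https
nat (inside,INTERNET) static interface service tcp https https
nat (inside,INTERNET) static interface service tcp 6129 6129
nat (inside,INTERNET) static interface service tcp ssh 2222
access-group INTERNET_access_in in interface INTERNET
"""
# Hypothetical egress rules (ACL name and permitted service are assumptions).
EGRESS_LINES = """\
access-list inside_access_in extended permit tcp object 192-168-30-30_Host any eq https
access-group inside_access_in in interface inside
"""

NAT_RE = re.compile(r"^\s*nat\s+\(([^,\s]+),[^)\s]+\)", re.I)
GROUP_RE = re.compile(r"^\s*access-group\s+(\S+)\s+in\s+interface\s+(\S+)", re.I)
ACE_RE = re.compile(r"^\s*access-list\s+(\S+)\s+extended\s+(permit|deny)\s+(.+)$", re.I)

def audit_egress(config):
    """Classify each NAT real-side interface by how its outbound traffic is filtered."""
    real_ifs, bound, aces = [], {}, {}
    for line in config.splitlines():
        if m := NAT_RE.match(line):
            if m.group(1).lower() not in real_ifs:
                real_ifs.append(m.group(1).lower())
        elif m := GROUP_RE.match(line):
            bound[m.group(2).lower()] = m.group(1)
        elif m := ACE_RE.match(line):
            aces.setdefault(m.group(1), []).append(
                (m.group(2).lower(), m.group(3).lower().split()))
    findings = {}
    for ifname in real_ifs:
        acl = bound.get(ifname)
        if acl is None:
            # No inbound ACL bound here: ASA's default permits traffic from a
            # higher security-level interface to a lower one.
            findings[ifname] = "no-acl"
        elif any(act == "permit" and body[:3] == ["ip", "any", "any"]
                 for act, body in aces.get(acl, [])):
            findings[ifname] = "permit-any"  # ACL is bound but filters nothing
        else:
            findings[ifname] = "filtered"
    return findings

if __name__ == "__main__":
    print(audit_egress(THREAD_CONFIG))
    print(audit_egress(THREAD_CONFIG + EGRESS_LINES))
```
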