topic block access rule does not works in Network Access Control

block access rule does not works

gogi99 — Fri, 31 Dec 2021 06:55:48 GMT

i have the firepower 1120 firewall, i have a network in DMZ zone. i natted my server and when i create block access rule for ping, this rule does not works. also, i noticed that my firewall allow all to my server, all open ports are allowed

Re: block access rule does not works

gogi99 — Fri, 31 Dec 2021 07:13:50 GMT

when i set default access rule on block nothing does not works

Re: block access rule does not works

Karsten Iwen — Fri, 31 Dec 2021 09:02:26 GMT

Your access-rule doesn't work because you only block traffic from outside to outside.

For a firewall deployment you should use the default deny and allow everything you need. And pay attention on using the correct zones.

Re: block access rule does not works

gogi99 — Fri, 31 Dec 2021 09:25:48 GMT

if i set default deny, allowing port on natted device i set access rule from any (outside zone) to local ip address of my server (172.16.20.x insied zone) or on natted ip address?

Re: block access rule does not works

Karsten Iwen — Fri, 31 Dec 2021 17:46:44 GMT

You habe to use the real IP (that is the one used in the DMZ on the server) in your access-control rule.