topic Re: Pix 506 E in Network Security https://community.cisco.com/t5/network-security/pix-506-e/m-p/732250#M1001630 <HTML><HEAD></HEAD><BODY><P>Apply an access-list to the inside interface. Say you only want to allow http, ftp and https outbound you would do something like the following.</P><P></P><P>access-list acl_inside permit tcp any any eq 80</P><P>access-list acl_inside permit tcp any any eq 443</P><P>access-list acl_inside permit tcp any any eq 21</P><P>access-group acl_inside in interface inside</P><P></P><P></P><P>I would review what traffic you want allowed outbound then apply the access-list.</P><P></P><P>When you want to make additions to your ACL down the road, say you forgot to allow DNS from your internal network, you then just add the new ACL. (You want to allow DNS in your initial access-list)</P><P></P><P>access-list acl_inside permit udp any any eq 53</P><P></P><P></P></BODY></HTML> Sun, 22 Jul 2007 13:35:52 GMT JBDanford2002 2007-07-22T13:35:52Z Pix 506 E https://community.cisco.com/t5/network-security/pix-506-e/m-p/732249#M1001629 <P>How do I block outbound traffic?</P> Mon, 11 Mar 2019 10:47:35 GMT https://community.cisco.com/t5/network-security/pix-506-e/m-p/732249#M1001629 wazzaclarke 2019-03-11T10:47:35Z Re: Pix 506 E https://community.cisco.com/t5/network-security/pix-506-e/m-p/732250#M1001630 <HTML><HEAD></HEAD><BODY><P>Apply an access-list to the inside interface. Say you only want to allow http, ftp and https outbound you would do something like the following.</P><P></P><P>access-list acl_inside permit tcp any any eq 80</P><P>access-list acl_inside permit tcp any any eq 443</P><P>access-list acl_inside permit tcp any any eq 21</P><P>access-group acl_inside in interface inside</P><P></P><P></P><P>I would review what traffic you want allowed outbound then apply the access-list.</P><P></P><P>When you want to make additions to your ACL down the road, say you forgot to allow DNS from your internal network, you then just add the new ACL. (You want to allow DNS in your initial access-list)</P><P></P><P>access-list acl_inside permit udp any any eq 53</P><P></P><P></P></BODY></HTML> Sun, 22 Jul 2007 13:35:52 GMT https://community.cisco.com/t5/network-security/pix-506-e/m-p/732250#M1001630 JBDanford2002 2007-07-22T13:35:52Z