https://community.cisco.com/t5/network-security/limiting-web-access/m-p/695606#M1031081 <P>I'm working on an assignment for class in which I have to define rules in a firewall configuration. One of the requirements is to allow users on the internal network to be able to "browse the web". Would I need to limit what ports they can access like HTTP or HTTPS or is this usually left wide open? </P> Mon, 11 Mar 2019 09:33:30 GMT kendalle01 2019-03-11T09:33:30Z https://community.cisco.com/t5/network-security/limiting-web-access/m-p/695606#M1031081 <P>I'm working on an assignment for class in which I have to define rules in a firewall configuration. One of the requirements is to allow users on the internal network to be able to "browse the web". Would I need to limit what ports they can access like HTTP or HTTPS or is this usually left wide open? </P> Mon, 11 Mar 2019 09:33:30 GMT https://community.cisco.com/t5/network-security/limiting-web-access/m-p/695606#M1031081 kendalle01 2019-03-11T09:33:30Z https://community.cisco.com/t5/network-security/limiting-web-access/m-p/695607#M1031126 <HTML><HEAD></HEAD><BODY><P>All outbound traffic, i.e, traffic originating from a higher security-level interface destined to a lower security-level interface, is left wide open. However, if required, you can limit it to only web access. For that you can apply a access-list on the inside interface and only open following ports-</P><P></P><P>53 (udp) - for DNS</P><P>80 (tcp) - for HTTP</P><P>443 (tcp) - for HTTPS</P></BODY></HTML> Thu, 15 Feb 2007 00:43:36 GMT https://community.cisco.com/t5/network-security/limiting-web-access/m-p/695607#M1031126 vitripat 2007-02-15T00:43:36Z