firewall policy

att-sgcops — Mon, 11 Mar 2019 09:21:24 GMT

hi all, I am new to firewall. now we have a FW for internet access. My boss asked me to design some policy to be applied on the FW. Can some of you share some configuration/policy to me. Our DMZ topology is quite simple:

intenet--------internet router--------ASA 5520-----LAN. There are some servers in the LAN, they are: Databased server, Mail server (need to be accessed via internet).

thanks in advance

Re: firewall policy

martybarron — Thu, 18 Jan 2007 14:43:56 GMT

I would create a DMZ for the internet based servers

I would suggest somethign more like

Inet

Inet router

ASA ---- DMZ with externally accessed servers

Interal router

Internal lans

As far as policy, I would allow the internet uses to access the DMZ resources only on the ports required for functionality.

Allow outboud from the internal network only on the ports required for work.

You actually need 3 seperate policys

1 for the outside interface

1 for the dmz interface

1 for the inside interface

You also need a translation for internal hosts to get out and to access the dmz resources.

topic firewall policy in Network Security

firewall policy

Re: firewall policy