https://community.cisco.com/t5/network-security/firewall-lockdown/m-p/2100299#M393018 <P>I've to lockdown the firewall by ip address and port.</P><P></P><P>i.e. I've to lock down the firewall from OUTSIDE to INSIDE based on ip address &amp; port. we don't know what ports we need to lock down so we would have to do logging and than find out which desinate ip and port those source IP addresses communicate to.</P><P></P><P>what logging do we have to enable to get that level of detail?</P> Tue, 12 Mar 2019 00:46:08 GMT gavin han 2019-03-12T00:46:08Z https://community.cisco.com/t5/network-security/firewall-lockdown/m-p/2100299#M393018 <P>I've to lockdown the firewall by ip address and port.</P><P></P><P>i.e. I've to lock down the firewall from OUTSIDE to INSIDE based on ip address &amp; port. we don't know what ports we need to lock down so we would have to do logging and than find out which desinate ip and port those source IP addresses communicate to.</P><P></P><P>what logging do we have to enable to get that level of detail?</P> Tue, 12 Mar 2019 00:46:08 GMT https://community.cisco.com/t5/network-security/firewall-lockdown/m-p/2100299#M393018 gavin han 2019-03-12T00:46:08Z https://community.cisco.com/t5/network-security/firewall-lockdown/m-p/2100300#M393025 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>If you have an ACL permitting some traffic from the OUTSIDE to INSIDE, all the rest of the traffic should already be blocked by the Implicit Deny at the end of every ACL (doesnt show in the CLI format of the configuration but shows on the ASDM side)</P><P></P><P>Is you OUTSIDE interface ACL very open at the moment?</P><P></P><P></P><P>Your logging level should be atleast "informational"</P><P></P><P>This would mean configurations like</P><P></P><P>logging on</P><P>logging device-id hostname</P><P>logging timestamp</P><P>logging trap informational</P><P>logging host <INTERFACE> <IP address=""></IP></INTERFACE></P><P></P><P>Which would</P><UL><LI>Enabled logging</LI><LI>Add your firewall "hostname" to the log messages sent</LI><LI>Add "timestamp" to your log messages</LI><LI>Send log messages up to "informational" level<UL><LI>which would log Connection/NAT forming and teardown and denied connections</LI></UL></LI><LI>Would specify a Syslog server behind <INTERFACE> with the IP address of <IP address=""></IP></INTERFACE></LI></UL><P></P><P></P><P>- Jouni</P></BODY></HTML> Sat, 12 Jan 2013 16:58:26 GMT https://community.cisco.com/t5/network-security/firewall-lockdown/m-p/2100300#M393025 Jouni Forss 2013-01-12T16:58:26Z https://community.cisco.com/t5/network-security/firewall-lockdown/m-p/2100301#M393029 <HTML><HEAD></HEAD><BODY><P>Is this ASA or FWSM? If this is ASA then, high to low security traffic (inside to outside) is automatically allowed without an ACL applied on the inside interface. From outside to inside, you would have to allow what is needed via ACL.</P><P>If you have webservers behind the ASA then, you would have allow people on the internet to be able to access it and can't restrict it based on source IP addresses on the internet unless you know who you need to allow permission from the internet to access your web server. </P><P></P><P>As far as logging is concerned, pls. follow what Jouni has suggested. </P><P></P><P>Pls. join me on Tuesday.</P><P></P><P><A class="jive-link-external-small" href="https://community.cisco.com/community/netpro/expert-corner">https://supportforums.cisco.com/community/netpro/expert-corner#view=webcasts</A></P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; margin: 10px 0px; color: #333333; font-family: Arial, Helvetica, sans-serif; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 16px; orphans: 2; text-align: left; text-transform: none; white-space: normal; widows: 2;"><STRONG style="border-collapse: collapse; font-size: 12px; list-style: none;"><SPAN style="font-size: 14pt;">Upcoming Live Webcast in</SPAN> English<SPAN style="font-size: 14pt;">:</SPAN> January 15, 2013</STRONG><BR /><STRONG style="border-collapse: collapse; font-size: 14pt; list-style: none; ">Troubleshooting ASA and Firewall Service Modules</STRONG></P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; margin: 10px 0px; color: #333333; font-family: Arial, Helvetica, sans-serif; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 16px; orphans: 2; text-align: left; text-transform: none; white-space: normal; widows: 2;"><A href="http://tools.cisco.com/gems/cust/customerQA.do?METHOD=E&amp;LANGUAGE_ID=E&amp;SEMINAR_CODE=S17664&amp;PRIORITY_CODE=cisco%20" style="border-collapse: collapse; font-size: 12px; list-style: none; outline: none; color: #2f6681;">Register today for this Cisco Support Community live webcast.</A> </P><P></P><P></P><P>-Kureli</P></BODY></HTML> Sun, 13 Jan 2013 03:37:15 GMT https://community.cisco.com/t5/network-security/firewall-lockdown/m-p/2100301#M393029 Kureli Sankar 2013-01-13T03:37:15Z