https://community.cisco.com/t5/network-security/datacenter-firewall/m-p/1952730#M435064 <P>Hi Experts,</P><P></P><P>WE have to deploy ASA5585 in between User vlans &amp; server vlans. we have to find all the ports that needs to be opened on firewall.</P><P>any tools to do same....</P><P></P><P>Thanks.</P> Mon, 11 Mar 2019 23:14:52 GMT mazhar mahadik 2019-03-11T23:14:52Z https://community.cisco.com/t5/network-security/datacenter-firewall/m-p/1952730#M435064 <P>Hi Experts,</P><P></P><P>WE have to deploy ASA5585 in between User vlans &amp; server vlans. we have to find all the ports that needs to be opened on firewall.</P><P>any tools to do same....</P><P></P><P>Thanks.</P> Mon, 11 Mar 2019 23:14:52 GMT https://community.cisco.com/t5/network-security/datacenter-firewall/m-p/1952730#M435064 mazhar mahadik 2019-03-11T23:14:52Z https://community.cisco.com/t5/network-security/datacenter-firewall/m-p/1952731#M435065 <HTML><HEAD></HEAD><BODY><P><SPAN style="font-family: verdana, geneva;">well, i wouldn't consider myself an expert yet, but here are my 2c..</SPAN></P><P><SPAN style="font-family: verdana, geneva;">what kind of traffic are you going to be expecting from the user vlan's to the server vlans? are the server vlans in a windows domain or a linux domain? there are so many things to this. are you going to be having a web proxy? user file share access(smb)? dns traffic, ldap authentication? dhcp on your servers? </SPAN></P><P><SPAN style="font-family: verdana, geneva;">also, are you planning to have private vlan's for your servers to further restrict access from user vlans?</SPAN></P><P></P><P><SPAN style="font-family: verdana, geneva;">edit: wireshark! or just use nmaps to every server to check the open ports and depending on the server roles and make a rule table accordingly</SPAN></P></BODY></HTML> Sun, 03 Jun 2012 03:17:55 GMT https://community.cisco.com/t5/network-security/datacenter-firewall/m-p/1952731#M435065 mikull.kiznozki 2012-06-03T03:17:55Z https://community.cisco.com/t5/network-security/datacenter-firewall/m-p/1952732#M435066 <HTML><HEAD></HEAD><BODY><P>HI Mikull,</P><P></P><P>Actuall there is mix of Windows n Linux servers, Traffic will be Domain traffic ( LDAP AUTH, DNS, DHCP ) + Various Appilcation traffic , </P><P></P><P>we will divide Servers ( system / Application) &amp; then apply rules. </P><P></P><P>is there any better option than Nmap ,</P><P>I mean we can put ASA with&nbsp; permit any any initial option n then any tools which can take src, destination , port data from ASA itself.</P><P></P><P></P><P>Thanks.</P></BODY></HTML> Sun, 03 Jun 2012 20:08:13 GMT https://community.cisco.com/t5/network-security/datacenter-firewall/m-p/1952732#M435066 mazhar mahadik 2012-06-03T20:08:13Z