topic Firewall policy in Network Security

Firewall policy

CiscoIPMAN — Fri, 21 Feb 2020 17:40:58 GMT

I am trying to have an external user (outside the perimeter of my network) that needs to access a server in the data center. Would I need to create 2 policies for this? One fw policy when it comes into the border firewall and another at the data center firewall? Say for example they needed http and https access.

Thanks for any help!!

Re: Firewall policy

balaji.bandi — Sat, 09 Nov 2019 20:25:15 GMT

here is the example guide - i am in impression both are ASA FW.

this is the guide for external FW.

https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/118996-config-asa-00.html

Internal DC FW you do not require NAT. Hopefull in the normal environment Internal LAN IP address allowed to use DC HTTP / HTTPS port ( i am guessing you do not need any rules)

Once you made changes external FW NAT and ACL allow incoming for the request, if working good, if not you need to have allowed ACL in the DC FW for the IP you doing NAT. (if you have different IP address range for DC application servers).

Re: Firewall policy

Karsten Iwen — Sun, 10 Nov 2019 17:19:53 GMT

I would rethink about your access-strategy. If it is an unknown external user, then terminate the session in a DMZ at a reverse proxy. If it is a known user that is somehow related to your company, let him VPN into your environment. In both cases you don't need to open your data-centre to the outside world.