https://community.cisco.com/t5/network-security/asa5520/m-p/1590580#M593712 <P>how can we block proxy address x.x.x.x..in ASA5520. Means some smart users entered in their browser proxy (same proxy ISP provided) with port 8080.</P><P></P><P>Then their traffic bypass our Firewall.</P><P></P><P>What was the solution with ASA5520.</P><P></P><P>Waiting for quick response.</P> Mon, 11 Mar 2019 19:37:50 GMT mkashifashraf 2019-03-11T19:37:50Z https://community.cisco.com/t5/network-security/asa5520/m-p/1590580#M593712 <P>how can we block proxy address x.x.x.x..in ASA5520. Means some smart users entered in their browser proxy (same proxy ISP provided) with port 8080.</P><P></P><P>Then their traffic bypass our Firewall.</P><P></P><P>What was the solution with ASA5520.</P><P></P><P>Waiting for quick response.</P> Mon, 11 Mar 2019 19:37:50 GMT https://community.cisco.com/t5/network-security/asa5520/m-p/1590580#M593712 mkashifashraf 2019-03-11T19:37:50Z https://community.cisco.com/t5/network-security/asa5520/m-p/1590581#M593713 <HTML><HEAD></HEAD><BODY><P>To be clear, you want to block any source from accessing a spec<SPAN style="background-color: #f8fafd;">ific destination and port?</SPAN></P><P><SPAN style="background-color: #f8fafd;">That port being TCP 8080?</SPAN></P><P></P><P><SPAN style="background-color: #f8fafd;">If so, then a simple ACL on your incoming interface will be sufficient, e.g.</SPAN></P><P></P><P><SPAN style="background-color: #f8fafd;"><EM>access-list proxy-blocker deny tcp <SOURCE ips=""> host <DESTINATION ip=""> eq 8080</DESTINATION></SOURCE></EM></SPAN></P></BODY></HTML> Thu, 20 Jan 2011 13:53:29 GMT https://community.cisco.com/t5/network-security/asa5520/m-p/1590581#M593713 handsy 2011-01-20T13:53:29Z https://community.cisco.com/t5/network-security/asa5520/m-p/1590582#M593714 <HTML><HEAD></HEAD><BODY><P>Ashraf,</P><P>Do you have an ACL applied on the inside interface? You probably don't that is the reason all these connections destined to port 8080 are allowed. You may want to restric what traffic leaves the firewall so, you can block this proxy IP and port 8080 in that ACL. May sure to allow what you need to allow or the implicit deny any any will block everything.</P><P>example:</P><P>access-list inside-acl deny tcp any host p.p.p.p eq 8080 (where p.p.p.p is the proxy ip that people are using in the browser to bypass)</P><P>access-list inside--acl per tcp any any eq 80</P><P>access-list inside-acl per udp any any eq 53</P><P>..</P><P>allow what ever else you need to allow and apply the acl on the inside interface.</P><P></P><P>aceess-g inside-acl in int inside</P><P></P><P>-KS</P></BODY></HTML> Fri, 21 Jan 2011 05:07:54 GMT https://community.cisco.com/t5/network-security/asa5520/m-p/1590582#M593714 Kureli Sankar 2011-01-21T05:07:54Z