topic Ports to be opened in Network Security

Ports to be opened

sreekanth sarma — Mon, 11 Mar 2019 13:16:37 GMT

Hi i use ASA 5520 all my clients on my LAN Jus go out for internet i use ip any any on my outside interface of ASA i dont want to use it CAN u please tell me the default ports that are to be permitted i know some what else can be used

www

ftp

ssh

3389 remote desktop service

Re: Ports to be opened

Adam Frederick — Fri, 18 Jul 2008 13:26:29 GMT

any traffic from in to out is permitted by deafult, unless you apply an ACL.

any traffic from out to in has to be permitted in an ACL if you have something that needs to be served to the web (ie. ftp). you Never want permit ip any any frmo out to in!!

Re: Ports to be opened

dhananjoy chowdhury — Fri, 18 Jul 2008 14:06:23 GMT

Hi,

Some common ports would be

http,https,dns,ftp,3389.. but better to enable logging and capture traffic logs.

This will help you to build the access-lists for allowing traffic from inside LAN.

And like the other person has mentioned, put ACL on the Outside .. allow only legitimate traffic from Out to in.