<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: ASA5520 rule for database network in Network Security</title>
    <link>https://community.cisco.com/t5/network-security/asa5520-rule-for-databsae-network/m-p/974850#M939141</link>
    <description>&lt;P&gt;Hi,&lt;/P&gt;&lt;P&gt;Basically, you need to understand what flows in your network and how.&lt;/P&gt;&lt;P&gt;If you collect certain details and study your application and DB software to understand their connection initiation and necessity, it will give you a better picture of the flow map with port numbers.&lt;/P&gt;&lt;P&gt;Then, according to this, prepare access lists on both interfaces. The ports you need to open will depend on the application and DB software, not really on the OS type, unless they have any independent communication requirement outside of the app and DB. While placing access lists, you can always put a permit line between those two subnets and then a deny any-to-any line.&lt;/P&gt;&lt;P&gt;Regards&lt;/P&gt;</description>
    <pubDate>Thu, 01 May 2008 04:03:10 GMT</pubDate>
    <dc:creator>kapish.mohole</dc:creator>
    <dc:date>2008-05-01T04:03:10Z</dc:date>
    <item>
      <title>ASA5520 rule for database network</title>
      <link>https://community.cisco.com/t5/network-security/asa5520-rule-for-databsae-network/m-p/974847#M939136</link>
      <description>&lt;P&gt;Could anyone advise: if I have a database server subnetwork behind an ASA5520 box (the application servers are not behind the ASA5520), what rules do I need to add, basically?&lt;/P&gt;&lt;P&gt;What if the servers are Unix servers, and what if the servers are Windows servers?&lt;/P&gt;&lt;P&gt;Any comments will be appreciated.&lt;/P&gt;&lt;P&gt;Thanks in advance&lt;/P&gt;</description>
      <pubDate>Mon, 11 Mar 2019 12:32:37 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/asa5520-rule-for-databsae-network/m-p/974847#M939136</guid>
      <dc:creator>julxu</dc:creator>
      <dc:date>2019-03-11T12:32:37Z</dc:date>
    </item>
    <item>
      <title>Re: ASA5520 rule for database network</title>
      <link>https://community.cisco.com/t5/network-security/asa5520-rule-for-databsae-network/m-p/974848#M939138</link>
      <description>&lt;P&gt;It depends on what type of database. For example, we have a SQL database; for apps that need to cross the firewall to talk to the SQL database servers, I opened TCP port 1433, which is the SQL TCP port needed for client apps or servers that need to talk to the SQL database server. Basically, you need to find out what database you are running and which TCP ports it requires to be opened in the firewalls.&lt;/P&gt;&lt;P&gt;HTH&lt;/P&gt;&lt;P&gt;Rgds&lt;/P&gt;&lt;P&gt;Jorge&lt;/P&gt;</description>
      <pubDate>Thu, 17 Apr 2008 04:35:04 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/asa5520-rule-for-databsae-network/m-p/974848#M939138</guid>
      <dc:creator>JORGE RODRIGUEZ</dc:creator>
      <dc:date>2008-04-17T04:35:04Z</dc:date>
    </item>
    <item>
      <title>Re: ASA5520 rule for database network</title>
      <link>https://community.cisco.com/t5/network-security/asa5520-rule-for-databsae-network/m-p/974849#M939140</link>
      <description>&lt;P&gt;Jorge, great thanks.&lt;/P&gt;&lt;P&gt;Apart from certain ports, I also need something that a Unix box always does: allow all the communication sessions that were originally issued by the DB server itself.&lt;/P&gt;&lt;P&gt;Could you and other experts advise me how I can do this in an ACL?&lt;/P&gt;&lt;P&gt;Thanks in advance.&lt;/P&gt;</description>
      <pubDate>Thu, 01 May 2008 02:01:22 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/asa5520-rule-for-databsae-network/m-p/974849#M939140</guid>
      <dc:creator>julxu</dc:creator>
      <dc:date>2008-05-01T02:01:22Z</dc:date>
    </item>
    <item>
      <title>Re: ASA5520 rule for database network</title>
      <link>https://community.cisco.com/t5/network-security/asa5520-rule-for-databsae-network/m-p/974850#M939141</link>
      <description>&lt;P&gt;Hi,&lt;/P&gt;&lt;P&gt;Basically, you need to understand what flows in your network and how.&lt;/P&gt;&lt;P&gt;If you collect certain details and study your application and DB software to understand their connection initiation and necessity, it will give you a better picture of the flow map with port numbers.&lt;/P&gt;&lt;P&gt;Then, according to this, prepare access lists on both interfaces. The ports you need to open will depend on the application and DB software, not really on the OS type, unless they have any independent communication requirement outside of the app and DB. While placing access lists, you can always put a permit line between those two subnets and then a deny any-to-any line.&lt;/P&gt;&lt;P&gt;Regards&lt;/P&gt;</description>
      <pubDate>Thu, 01 May 2008 04:03:10 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/asa5520-rule-for-databsae-network/m-p/974850#M939141</guid>
      <dc:creator>kapish.mohole</dc:creator>
      <dc:date>2008-05-01T04:03:10Z</dc:date>
    </item>
  </channel>
</rss>

