
Datacenter Firewall

mazhar mahadik
Level 1

Hi Experts,

We have to deploy an ASA5585 in between the user VLANs and server VLANs. We have to find all the ports that need to be opened on the firewall.

Are there any tools to do the same?

Thanks.

2 Replies

mikull.kiznozki
Level 1

Well, I wouldn't consider myself an expert yet, but here are my 2c.

What kind of traffic are you expecting from the user VLANs to the server VLANs? Are the server VLANs in a Windows domain or a Linux domain? There are so many things to this. Are you going to have a web proxy? User file share access (SMB)? DNS traffic, LDAP authentication? DHCP on your servers?

Also, are you planning to have private VLANs for your servers to further restrict access from the user VLANs?

Edit: Wireshark! Or just use Nmap against every server to check the open ports and, depending on the server roles, make a rule table accordingly.

Hi Mikull,

Actually there is a mix of Windows and Linux servers. Traffic will be domain traffic (LDAP auth, DNS, DHCP) plus various application traffic.

We will divide the servers (system / application) and then apply rules.

Is there any better option than Nmap?

I mean we can put the ASA in with a permit any any initial option and then use any tools which can take source, destination and port data from the ASA itself.

Thanks.
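The approach asked about in the last post, taking source, destination and port data from the ASA itself, can be done from the firewall's connection syslog messages (302013 for TCP, 302015 for UDP). The following is an added example, not code from the thread: it assumes informational-level logging is exported as text, and the `users`/`servers` interface names and all addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in the layout of ASA syslog messages 302013 (TCP)
# and 302015 (UDP); hostnames, interfaces and addresses are made up.
SAMPLE_LOG = """\
Mar 01 10:00:01 fw1 %ASA-6-302013: Built inbound TCP connection 1001 for users:10.10.1.15/51512 (10.10.1.15/51512) to servers:10.20.1.5/445 (10.20.1.5/445)
Mar 01 10:00:02 fw1 %ASA-6-302015: Built inbound UDP connection 1002 for users:10.10.1.15/60123 (10.10.1.15/60123) to servers:10.20.1.2/53 (10.20.1.2/53)
Mar 01 10:00:03 fw1 %ASA-6-302013: Built inbound TCP connection 1003 for users:10.10.2.40/49822 (10.10.2.40/49822) to servers:10.20.1.2/389 (10.20.1.2/389)
Mar 01 10:00:04 fw1 %ASA-6-302013: Built inbound TCP connection 1004 for users:10.10.2.40/49830 (10.10.2.40/49830) to servers:10.20.1.5/445 (10.20.1.5/445)
Mar 01 10:00:05 fw1 %ASA-6-302014: Teardown TCP connection 1001 for users:10.10.1.15/51512 to servers:10.20.1.5/445 duration 0:00:04 bytes 5120 TCP FINs
Mar 01 10:00:06 fw1 %ASA-6-302013: Built outbound TCP connection 1005 for users:10.10.1.15/3389 (10.10.1.15/3389) to servers:10.20.1.9/50211 (10.20.1.9/50211)
"""

BUILT = re.compile(
    r"%ASA-6-30201[35]: Built (?P<dir>inbound|outbound) (?P<proto>TCP|UDP) "
    r"connection \d+ for (?P<a_if>[^:\s]+):(?P<a_ip>[\d.]+)/(?P<a_port>\d+) \([^)]*\) "
    r"to (?P<b_if>[^:\s]+):(?P<b_ip>[\d.]+)/(?P<b_port>\d+)"
)

def observed_flows(log_text):
    """Map (src_if, dst_if, proto, dst_ip, dst_port) -> set of initiating source IPs."""
    flows = defaultdict(set)
    for line in log_text.splitlines():
        m = BUILT.search(line)
        if not m:
            continue  # teardowns, denies and other message IDs are ignored
        a = (m["a_if"], m["a_ip"], int(m["a_port"]))
        b = (m["b_if"], m["b_ip"], int(m["b_port"]))
        # Assumption: on "outbound" lines the first endpoint is the destination,
        # so the pair is swapped; confirm against your own logs.
        src, dst = (a, b) if m["dir"] == "inbound" else (b, a)
        flows[(src[0], dst[0], m["proto"].lower(), dst[1], dst[2])].add(src[1])
    return flows

def rule_table(flows):
    """Sorted rows: one candidate permit entry per observed server ip/proto/port."""
    return [
        f"{s_if} -> {d_if}  {proto}  {ip}:{port}  ({len(srcs)} source hosts)"
        for (s_if, d_if, proto, ip, port), srcs in sorted(flows.items())
    ]

if __name__ == "__main__":
    print("\n".join(rule_table(observed_flows(SAMPLE_LOG))))
```

Ephemeral client ports are dropped on purpose, so each row corresponds to one service that needs a rule rather than one connection.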
