02-13-2018 01:05 AM - edited 02-21-2020 10:45 AM
Hi - We have an ASA 5516-X firewall in our infra; we have a requirement to allow any service from the vulnerability scanner to scan the ASA firewall device.
What is the way to allow this traffic, as we cannot use an interface ACL to restrict the access?
Regards
Senthil Murugan
02-13-2018 01:34 AM
There is no single switch to allow this. You have to allow it service by service like that:
ssh IP-OF-VUL-SCANNER 255.255.255.255 inside
http IP-OF-VUL-SCANNER 255.255.255.255 inside
02-13-2018 01:37 AM
Thanks Karsten, unfortunately that is not practically possible for all 65535 services, and that too for both TCP & UDP.
Is there any way I can give "any" service for those scanner IPs to scan the firewall?