10-25-2006 06:00 AM - edited 02-21-2020 01:15 AM
Ok, so the setup is a simple internal, DMZ and External.
Now I have set up a dynamic NAT rule for both the DMZ and for the Internal networks.
If I am on a client and I do a ping www.google.com
I get a DNS resolution but the pings do not go through, also if I try and browse to Google's website via IE or whatever.
How do I set up a rule using ASDM 5.2 to allow all outbound traffic? I am not concerned with filtering or blocking any outbound traffic.
10-25-2006 08:46 AM
Is it possible to remove the implicit rules?
Ok, I am starting to get my head around how the rule sets work. (Very different from the other firewall products I have used, WatchGuard and Check Point.)
Now I made two rules in the External Incoming rule set
1 - Any - xxx.xxx.xxx.xxx ICMP Any permit
and
2 - Any - Internal ICMP Any Permit
where xxx.xxx.xxx.xxx is an IP address of a machine on the internal network
Rule number 1 works and rule number 2 doesn't. Why is that?
10-25-2006 09:04 AM
This is very confusing because if I change the internal to an any it also works. It seems that you can't specify an interface to have traffic allowed to; you can specify a destination IP address, IP address range, or Any, but not an interface.
10-25-2006 09:08 AM
Ahh, my mistake: xxx.xxx.xxx.xxx was not an IP address of a machine on the internal interface, it was the IP address of the external interface. That makes more sense. Just ignore me, lack of coffee is not helping me learn. :)
Thanks for all your help I think I have it figured out now.
10-30-2006 01:11 PM
Add "inspect icmp" to your config and ICMP will be inspected and allowed via implicit rules.
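
Where that command goes, as an added example that is not part of the original reply: it assumes the ASA still has its factory-default policy map `global_policy` and class map `inspection_default`, applied globally.

```cisco
! Added example; assumes the default modular policy names are unchanged.
! With ICMP inspection on, the ASA tracks each outbound echo request and
! permits only the matching echo reply back in, so no "permit icmp any"
! rule is needed on the external interface.
policy-map global_policy
 class inspection_default
  inspect icmp
!
! The default configuration already contains this line; shown for completeness.
service-policy global_policy global
!
! Check that the inspection is present in the running policy:
show running-config policy-map
```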