01-20-2011 02:27 AM - edited 03-11-2019 12:37 PM
How can we block proxy address x.x.x.x on the ASA5520? Some smart users entered a proxy in their browser (the same proxy the ISP provided) with port 8080.
Then their traffic bypasses our firewall.
What is the solution with the ASA5520?
Waiting for quick response.
01-20-2011 09:07 PM
Ashraf,
Do you have an ACL applied on the inside interface? You probably don't; that is the reason all these connections destined to port 8080 are allowed. You may want to restrict what traffic leaves the firewall, so you can block this proxy IP and port 8080 in that ACL. Make sure to allow what you need to allow, or the implicit deny any any will block everything.
Example:
access-list inside-acl deny tcp any host p.p.p.p eq 8080
(where p.p.p.p is the proxy IP that people are using in the browser to bypass)
access-list inside-acl permit tcp any any eq 80
access-list inside-acl permit udp any any eq 53
..
Allow whatever else you need to allow and apply the ACL on the inside interface.
access-group inside-acl in interface inside
-KS
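The first-match and implicit-deny behaviour described in the reply above, as an added example that is not part of the original post: a small Python evaluator for the ACL lines shown. The address 203.0.113.10 is a constructed placeholder for p.p.p.p, the sample flows and the MISORDERED variant are constructed, and the parser handles only the syntax subset used in this thread.

```python
# Added example: first-match evaluation of the ASA-style ACL from the reply.
# PROXY_IP is a constructed placeholder standing in for p.p.p.p.
PROXY_IP = "203.0.113.10"

ACL_TEXT = f"""
access-list inside-acl deny tcp any host {PROXY_IP} eq 8080
access-list inside-acl permit tcp any any eq 80
access-list inside-acl permit udp any any eq 53
"""

# Constructed variant: a broad permit placed before the deny shadows it.
MISORDERED = f"""
access-list inside-acl permit tcp any any eq 8080
access-list inside-acl deny tcp any host {PROXY_IP} eq 8080
"""

def parse_acl(text):
    """Parse 'access-list NAME ACTION PROTO any {any|host IP} eq PORT' lines."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 8 or tok[0] != "access-list" or tok[4] != "any":
            raise ValueError(f"unsupported ACE: {line!r}")
        action, proto, rest = tok[2], tok[3], tok[5:]
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action in: {line!r}")
        if rest[0] == "host":
            dst, rest = rest[1], rest[2:]
        elif rest[0] == "any":
            dst, rest = None, rest[1:]   # None means any destination
        else:
            raise ValueError(f"unsupported destination in: {line!r}")
        if len(rest) != 2 or rest[0] != "eq":
            raise ValueError(f"unsupported port match in: {line!r}")
        rules.append((action, proto, dst, int(rest[1])))
    return rules

def evaluate(rules, proto, dst_ip, dst_port):
    """Return (action, reason); the first matching line wins, else implicit deny."""
    for n, (action, r_proto, r_dst, r_port) in enumerate(rules, 1):
        if r_proto == proto and r_dst in (None, dst_ip) and r_port == dst_port:
            return action, f"line {n}"
    return "deny", "implicit deny"

if __name__ == "__main__":
    rules = parse_acl(ACL_TEXT)
    flows = [("tcp", PROXY_IP, 8080), ("tcp", "198.51.100.7", 80),
             ("udp", "192.0.2.53", 53), ("tcp", "198.51.100.7", 443)]
    for flow in flows:
        print(flow, "->", evaluate(rules, *flow))
```

The TCP 443 flow is dropped by the implicit deny because nothing in the three lines permits it, which is the "allow what you need" caveat in practice.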
01-20-2011 05:53 AM
To be clear, you want to block any source from accessing a specific destination and port?
That port being TCP 8080?
If so, then a simple ACL on your incoming interface will be sufficient, e.g.
access-list proxy-blocker deny tcp