I'm setting up a new ACL on our PIX firewall (running version 7.x) to block FTP. Someone asked if I could enable FTP downloading for some machines but prevent from uploading. Is that possible? What would the ACL look like?
Network Security
Engage with peers and experts on network security topics such as Secure Firewall Threat Defense, Adaptive Security Appliance, Secure Firewall Management Center, and Security Cloud Control.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Cisco Community
- Technology and Support
- Security
- Network Security
Options
- Mark all as New
- Mark all as Read
- Float this item to the top
- Subscribe
- Bookmark
- Subscribe to RSS Feed
- Threaded format
- Linear Format
- Sort by Topic Start Date
Labels
-
AAA
(8) -
Access Control Server (ACS)
(6) -
Access List
(4) -
ACI
(10) -
Advanced Threats
(1) -
AMP for Endpoints
(1) -
AnyConnect
(3) -
APIs
(1) -
Appliances
(18) -
ASA
(1) -
ASR 1000 Series
(1) -
Branch Router
(2) -
Buying Recommendation
(85) -
Catalyst 2000
(1) -
Catalyst 3000
(2) -
Catalyst 4000
(1) -
Catalyst 6000
(1) -
Catalyst 8000
(1) -
Catalyst 9000
(2) -
Catalyst Switch
(2) -
Catalyst Wireless Controllers
(1) -
Cisco
(1) -
Cisco Adaptive Security Appliance (ASA)
(9,512) -
Cisco Bugs
(31) -
Cisco Cafe
(25) -
Cisco CLI Analyzer
(1) -
Cisco Cloud Services Router
(1) -
Cisco Defense Orchestrator (CDO)
(140) -
Cisco Firepower Device Manager (FDM)
(812) -
Cisco Firepower Management Center (FMC)
(2,909) -
Cisco Firepower Threat Defense (FTD)
(3,164) -
Cisco Press Cafe
(1) -
Cisco Secure Firewall Management Center (FMC)
(8) -
Cisco Secure Firewall Threat Defense (FTD)
(8) -
Cisco Security Cloud Control
(1) -
Cisco Security Manager (CSM)
(3) -
Cisco Software
(17) -
CISCO START ANZ
(1) -
Cisco Threat Response
(1) -
Cisco Vulnerability Management
(42) -
Cloud
(1) -
Cloud Security
(3) -
Community Bug or Issue
(1) -
Community Feedback Forum
(31) -
Community Ideas
(18) -
Compliance and Posture
(1) -
Crypto
(1) -
CSC Content with No Valid Community to Post
(1) -
CUBE
(1) -
CUCM
(1) -
Data Center Networking
(1) -
Device Admin
(13) -
EEM Scripting
(1) -
Emergency Responder
(1) -
Endpoint Security
(6) -
Enterprise Agreement
(1) -
Event Analysis
(258) -
FirePOWER
(1) -
Firepower Chassis Manager (FCM)
(2) -
Firepower Device Manager (FDM)
(16) -
Firepower Management Center (FMC)
(408) -
Firepower Threat Defense (FTD)
(221) -
Firewall Migration Tool (FMT)
(25) -
Firewalls
(1,171) -
FMC
(1) -
General
(2) -
Guest
(1) -
Identity Services Engine (ISE)
(9) -
IE3300
(1) -
Integrated Security
(8) -
Integrated Security Architecture
(1) -
Integrations
(3) -
Investigation
(2) -
iOS
(1) -
IPS and IDS
(6,567) -
IPS and IDS1
(1) -
IPS-IDS
(1) -
IPSEC
(1) -
ISE
(1) -
LAN Switching
(7) -
License
(319) -
MPLS
(1) -
Multicloud Defense
(2) -
Network Management
(90) -
Network Security
(2) -
Networking
(1) -
NFVIS
(1) -
NGFW Firewalls
(37,553) -
NGIPS
(1,872) -
Online Tools and Resources
(1) -
Optical Networking
(3) -
Optics
(1) -
Other Collaboration Topics
(1) -
Other Community Feedback
(4) -
Other Firewalls
(1) -
Other NAC
(18) -
Other Network
(1) -
Other Network Security Topics
(10,771) -
Other Networking
(8) -
Other Routers
(9) -
Other Routing
(24) -
Other Routing and Switching topics
(2) -
Other Security
(1) -
Other Security Topics
(18) -
Other Switches
(11) -
Other Switching
(4) -
Other VPN Topics
(1) -
Passive Identity
(1) -
Physical Security
(20) -
Policy and Access
(2) -
Prioritization
(2) -
Remote Access
(2) -
Room Endpoints
(1) -
Routing Protocols
(7) -
SD-WAN Security
(1) -
Secure Network Analytics
(1) -
Security
(3) -
Security Management
(625) -
Segmentation
(3) -
Service Providers
(1) -
Small Business Routers
(4) -
Small Business Security
(2) -
Sourcefire
(2) -
Support
(2) -
Threat Containment
(6) -
Threat Defense
(1) -
Unified Computing System (UCS)
(1) -
Voice Gateways
(1) -
VPN
(24) -
VPN and AnyConnect
(1) -
Vulnerability Management
(41) -
WAN
(7) -
Web Security
(5) -
Webex Teams
(1) -
Wired
(3) -
Wireless Security
(1)
- « Previous
- Next »
Forum Posts
Resolved! Pix firewall
In my Pix 515e there is an access-list entry : access-list out_acl permit tcp any host 69.67.67.100 eq smtp( 69.67.67.100) is the public IP address of the Mail server.do I need this ?, can somebody explain to me what this access-list is doing ?.Why s...
Hello,I have following problem with NAC 4.1.3 - it's happen sometimes that clients have NEWER virus definition than in NAC rules and checks database.And than clients can't get access to network. NAC rules updates are scheduled twice a day (should it ...
I want to start the asdm-launcher from the windows command-line with a specific asa ip-address (script). So i must only insert the username and password and not the ip-adress .Is this possible? Thx for your positive answer :-)Andreas
HiI've got a pix 501 and I've permitted ALL icmp through the outside and inside access-lists, yet traceroute through this firewall still does not work, it just shows stars for all hops past the pix until the actual final destination. I've read a ton...
Hi All, I have setup a lab to test ASA faillover situation. The lab is success that Secondary ASA can change standby mode to active mode once Primary ASA is failure. However, When I test stateful failover that use a PC to FTP file from FTP server. Th...
I need to setup 2 VLANS 100 and 55. The topology of the network is internet-->cisco 2811 router-->cisco 515 PIX-->PC users. The PIX is the gateway for the PC users. Normally I would setup the VLANS on the router, but I have PIX now, and I am not su...
Resolved! PIX access problem
I have a problem accessing a PIX 515E from either SSH or Telnet. The password has been lost but the strange thing is that I can still perform any config changes I need to from within the ASDM. Last week I needed to add a command which I cannot find i...
Ok, I am stumped, so here I am :)I have a 1721 router with a DSL WIC for a location for their internet access and with a VPN tunnel to HQ. The problem is that SPI lets MOST traffic in and out, but it is blocking some sites... microsoft.com and southw...
Hello, all.I've noticed an interesting behavior of the Windows clients.We have NAC OOB L3 deployment + ip-telephony. Workstations are behind ip-phones (cisco). Users do not have administrator privileges on their PCs.When the user is authenticated the...
I have ACLs blocking most P2Ps on our edge rtrs. But they still coming in...can anyone post their P2P ACLs...I just want to compare with what I have. How about NBAR? How reliable is it running in a large network? TXAlex
Hello all,Is it possible to migrate LMS 2.6 into LMS 3.0 ?
I have two ASA 5520's setup in an active standby configuration. Each pix is configured with a inside and outside interface. I am also using the other two interfaces for the failover, and stateful pair. These firewall's are directly plugged into each ...
Hi, I'm trying to replace my PIX505E with the new ASA5505; I have a single public global IP address and I'm currently using some PATS in order to allow some external access to some services provided by "internal" hosts. I also allow VPN connections o...
Hi All,Sorry for the off-topic but I come froma Unix environment so I am more familiar with SSH than Microsoft Remote Desktop Protocol (RDP).I noticed that with Win2003 Service Pack 1, Microsoft Windows 2003 RDP supports RDP with FIPs compliant. Doe...
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
Unanswered Topics
| Subject | Author | Posted |
|---|---|---|
| 07-16-2025 04:21 AM | ||
| 07-06-2025 01:40 PM | ||
| 07-04-2025 01:59 AM | ||
| 06-19-2025 07:32 AM | ||
| 06-17-2025 01:07 PM |
Top Solution Authors
| User | Count |
|---|---|
| 11 | |
| 6 | |
| 4 | |
| 3 | |
| 1 |
