05-10-2024 04:02 AM
Situation:-
Requirement:-
Note – VPN is not an option
05-10-2024 04:21 AM - edited 05-10-2024 04:47 AM
Why you not use ACL applying to Outside interface direction IN allow any to real server IP(private IP) for specific ports.
That prevent any access to server for any other udp/tcp port and also icmp (since icmp dont have l4 ports)
For other attack you can use thread detection
Where if asa detect tcp flood is reach specific number the clinet public IP will shun for specific time or forever (depending on your config)
Also you can use
Policy map to drop connection
https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-c01844881
MHM
05-10-2024 01:34 PM
What you described in the "situation" section is sufficient. Just open those 2-3 ports to the server and block everything else. By default ASA/FTD doesn't send ICMP unreachable or TCP RST in response to inbound requests which are blocked by the ACL, which makes "discovery" of the firewall a bit more difficult. Also, ASA/FTD doesn't listen on any port, unless explicitly configured to do so. Don't configure any other "protection", like threat detection, unless you want to shoot yourself in the foot.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide