705 Views, 0 Helpful, 1 Reply

Isolate Internet connectivity to non standard ports

CHRIS KALETH
Level 5

We have ASAs in every office as the egress firewall for the Internet. We only allow 80/443 outbound, but we receive many requests from staff to access client sites that include a random port (e.g. www.xyz.com:8080), so we have to add a firewall rule each time we have this for our ASAs. I was hoping we could create an isolated sandbox environment where a user could spin up a VM on demand; this VM would be isolated from our internal network (except for connectivity to it), and the user would log in, access the site, and when done it would wipe the VM. Are there any recommendations along this line, or other recommended methods to allow these random ports outbound without compromising security?

1 Reply

This is more a virtualisation question than an ASA question. I use something similar, but the spin-up of the VMs is done manually on demand.

The ASA config is straightforward. The VM host resides in the DMZ and has an access list with nearly everything allowed to the Internet but nothing to the rest of the network.

The VMs are configured to always start from the template, and this is the part that does not scale. But with a VDI solution (like Citrix or VMware Horizon) you should be able to automate this in a scalable way.
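
The access policy the reply describes, written out as an ASA configuration fragment. This is an added example, not the poster's configuration or anything from the thread: the interface names (inside, dmz, outside), the 10.0.0.0/8 and 172.16.0.0/12 internal ranges, the 192.168.50.0/24 DMZ subnet, the object, group and ACL names, and the remote-desktop port used to reach the VM host are all assumptions. The point it shows is ordering: on the dmz interface the deny toward internal networks has to sit above the permit-any toward the Internet, and on the inside interface the deny toward the DMZ has to sit above the existing 80/443 permits, otherwise the broad permit matches first.

```cisco
! Added example (not from the original thread). Interface names, addresses,
! object names and ports are assumptions; adjust to the real topology.
!
! Interfaces assumed: inside (security-level 100), dmz (50), outside (0).
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 192.168.50.1 255.255.255.0

! Assumed address space: sandbox VMs in the DMZ, staff on the internal ranges.
object network DMZ_VMHOST_NET
 subnet 192.168.50.0 255.255.255.0
object-group network INTERNAL_NETS
 network-object 10.0.0.0 255.0.0.0
 network-object 172.16.0.0 255.240.0.0

! Outbound policy for the sandbox VMs, applied inbound on the dmz interface
! (i.e. to traffic the VMs originate). The deny toward internal networks
! must come before the broad permit; the ASA evaluates top-down, first match.
access-list DMZ_OUT extended deny ip object DMZ_VMHOST_NET object-group INTERNAL_NETS
access-list DMZ_OUT extended permit tcp object DMZ_VMHOST_NET any
access-list DMZ_OUT extended permit udp object DMZ_VMHOST_NET any eq domain
access-list DMZ_OUT extended permit icmp object DMZ_VMHOST_NET any echo
access-group DMZ_OUT in interface dmz

! PAT the sandbox VMs behind the outside interface address (ASA 8.3+ syntax).
object network DMZ_VMHOST_NET
 nat (dmz,outside) dynamic interface

! Inside policy: staff may reach the VM host only on the remote-desktop
! port (3389 assumed); everything else inside -> DMZ is denied explicitly
! so the 80/443 permits below cannot match web ports on the sandbox VMs.
access-list INSIDE_OUT extended permit tcp object-group INTERNAL_NETS object DMZ_VMHOST_NET eq 3389
access-list INSIDE_OUT extended deny ip object-group INTERNAL_NETS object DMZ_VMHOST_NET
access-list INSIDE_OUT extended permit tcp object-group INTERNAL_NETS any eq www
access-list INSIDE_OUT extended permit tcp object-group INTERNAL_NETS any eq https
access-group INSIDE_OUT in interface inside

! Checks to run before trusting the policy (addresses are made up):
! a sandbox VM talking SMB to an internal server must be dropped by DMZ_OUT,
packet-tracer input dmz tcp 192.168.50.10 40000 10.1.2.3 445
! a sandbox VM reaching a client site on a non-standard port must be allowed,
packet-tracer input dmz tcp 192.168.50.10 40000 203.0.113.7 8080
! and the hit counters show whether the deny lines actually catch anything.
show access-list DMZ_OUT
show access-list INSIDE_OUT
```

Two caveats the fragment cannot express on its own. The ACL only governs traffic that crosses the ASA, so if the hypervisor's management address sits on the same 192.168.50.0/24 segment as the VMs, a compromised VM reaches it without ever touching this policy; put management on a separate interface or VLAN that the dmz ACL does not permit. And because the VMs are allowed to resolve names over UDP 53 to "any", they should be pointed at a public resolver, not the internal DNS servers, which the deny line above would block anyway.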
