04-04-2023 12:22 PM
Right now it's set for this. Is there a better way?
http DMZ 255.255.255.0 management
http 0.0.0.0 0.0.0.0 inside
04-04-2023 02:21 PM
Cisco Guide to Harden Cisco ASA Firewall - Cisco
this guide can help you
04-04-2023 08:08 PM
The command controls where you want to allow management traffic to originate from. If you need it from any inside subnet then the second line does that. The first line in your config would not normally be a best practice as a DMZ should have restrictive security policies to limit exposure of and access to/from servers in that network.
04-05-2023 06:28 AM
To remove it. Is it just
No http dmz 255.255.255.0?
04-05-2023 06:39 AM
http DMZ 255.255.255.0 management
http 0.0.0.0 0.0.0.0 inside
You use dmz as source ip to access mgmt interface not using dmz interface.
I always prefer two http line
In such a case that interface is down or unreachable for any reason I have other one I can use.
Config any asa interface for http except outside interface.
That my opinion.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide