Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
658
Views
0
Helpful
3
Replies

Access-list command

gregm
Level 1
Level 1

‎02-22-2006 09:04 AM - edited ‎02-20-2020 09:36 PM

Does anyone have an example of allowing internal users access to http, https and ftp and block access to everything else?

Labels:
0 Helpful
3 Replies 3

mainesy
Level 1
Level 1

‎02-22-2006 09:28 AM

I assume you are wanting this outbound (for PIX?)?

access-list %acl_name% permit tcp any any eq www

access-list %acl_name% permit tcp any any eq https

access-list %acl_name% permit tcp any any eq ftp

access-list %acl_name% deny ip any any

access-group %acle_name% out interface inside

That should allow outbound connections that you want and block everything else.

Josh

0 Helpful

Patrick Iseli
Level 7
Level 7
In response to mainesy

‎02-22-2006 04:32 PM

Might be a good idea to be restrictive on the source hosts on the inside interface ACL.

Suppose 192.168.1.0/24 is the internal network !

access-list inside-acl permit tcp 192.168.1.0 255.255.255.0 any eq www

access-list inside-acl permit tcp 192.168.1.0 255.255.255.0 any eq https

access-list inside-acl permit tcp 192.168.1.0 255.255.255.0 any eq ftp

access-list inside-acl deny ip any any

access-group inside-acl in interface inside

Note that out in < access-group %acle_name% out interface inside > just works in FWSM and PIX 7.0 Code.

sincerely

Patrick

0 Helpful

gregm
Level 1
Level 1
In response to Patrick Iseli

‎02-23-2006 06:22 PM

Worked, Thanks

By the way I'm using 7.11 code...Working good!

Greg

0 Helpful
Customers Also Viewed These Support Documents