secure http only on outside interface

joaquimlopes
Level 1

Hello,

Can anyone help me with this?

I have one 192.168.1.0 network that only needs access to external HTTP/S browsing on two machines, 192.168.1.30 and .60.

What's the most secure configuration that I can make to allow only HTTP?

Thanks

2 Replies

pwicks
Level 1

access-list inside_out permit tcp host 192.168.1.30 any eq https
access-list inside_out permit tcp host 192.168.1.60 any eq https
access-list inside_out deny ip any any
access-group inside_out in interface inside

access-list outbound permit tcp host 192.168.1.30 any eq https
access-list outbound permit tcp host 192.168.1.60 any eq https
access-list outbound permit udp any any eq domain
access-group outbound in interface inside

The last entry, "permit udp any any eq domain", is required, as you need to do DNS for internet browsing. Further, by default there is an implicit deny all at the end of every ACL (i.e. optional). You would only apply this entry for troubleshooting/monitoring purposes.
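As an added illustration (not part of pwicks' reply and not a Cisco tool), here is a small Python first-match simulator of the two ACLs above. It assumes one address per host and uses constructed flows with RFC 5737 test addresses for the resolver and the web server; it shows why the first ACL alone breaks browsing (DNS is denied) and that the explicit "deny ip any any" only restates the implicit deny.

```python
# Added example: first-match simulation of the two ACLs posted in the reply.
# All flows below are constructed test traffic, not captures from a real network.
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    proto: str   # "tcp" or "udp"
    src: str
    dst: str
    dport: int


# Each ACE is (action, proto, src, dst, dport); "any"/None are wildcards,
# and proto "ip" matches every protocol, as in the Cisco syntax.
INSIDE_OUT = [
    ("permit", "tcp", "192.168.1.30", "any", 443),
    ("permit", "tcp", "192.168.1.60", "any", 443),
    ("deny",   "ip",  "any",          "any", None),   # explicit deny (optional)
]
OUTBOUND = [
    ("permit", "tcp", "192.168.1.30", "any", 443),
    ("permit", "tcp", "192.168.1.60", "any", 443),
    ("permit", "udp", "any",          "any", 53),     # DNS, needed for browsing
]


def _match(ace, flow):
    _action, proto, src, dst, dport = ace
    return ((proto == "ip" or proto == flow.proto)
            and (src == "any" or src == flow.src)
            and (dst == "any" or dst == flow.dst)
            and (dport is None or dport == flow.dport))


def evaluate(acl, flow):
    """First matching entry wins; no match falls through to the implicit deny."""
    for ace in acl:
        if _match(ace, flow):
            return ace[0]
    return "deny"   # implicit deny at the end of every ACL


def browsing_works(acl, host, resolver="203.0.113.53", site="198.51.100.10"):
    """A host can browse only if both its DNS lookup and its HTTPS flow pass."""
    dns = evaluate(acl, Flow("udp", host, resolver, 53))
    web = evaluate(acl, Flow("tcp", host, site, 443))
    return dns == "permit" and web == "permit"
```

Note that plain HTTP (port 80) from the two hosts is denied by both ACLs, which matters if "http/s" in the question was meant to include port 80.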