Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1219
Views
0
Helpful
0
Comments

How to open a certain range of TCP and UDP ports on the PIX Firewall with object-groups

TCC_2
Level 10
Level 10

‎06-22-2009 04:36 PM - edited ‎03-08-2019 06:15 PM

Core issue

Object grouping allows objects such as IP hosts, networks, protocols, ports, and Internet Control Message Protocol (ICMP) types to be collected into object groups. Once configured, an object group can be used with the standard conduit or Access Control List (ACL) PIX Firewall commands in order to reference all objects within that group. This reduces the configuration size.

Resolution

In order to open certain range of TCP or UDP ports on PIX, use the service object group and define it in an ACL or conduit. Refer to this configuration example:

PIX (config)#object-group service  tcp
PIX(config-service)#port-object range <_1-65535>
PIX (config)#object-group service  udp
PIX(config-service)#port-object range <_1-65535>

Bind the object-groups with access-lists:

PIX (config)#access-list permit tcp any any object-group
PIX (config)#access-list permit udp any any object-group

Refer to the Service Configuration section of Using and Configuring PIX/ASA Object Groups for more information.

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents