Object grouping allows objects such as IP hosts, networks, protocols, ports, and Internet Control Message Protocol (ICMP) types to be collected into object groups. Once configured, an object group can be used with the standard conduit or Access Control List (ACL) PIX Firewall commands in order to reference all objects within that group. This reduces the configuration size.
In order to open certain range of TCP or UDP ports on PIX, use the service object group and define it in an ACL or conduit. Refer to this configuration example:
PIX (config)#object-group service tcp PIX(config-service)#port-object range <_1-65535> PIX (config)#object-group service udp PIX(config-service)#port-object range <_1-65535>
Bind the object-groups with access-lists:
PIX (config)#access-list permit tcp any any object-group PIX (config)#access-list permit udp any any object-group
hi,i need to lock down SIP ports on an ASA FW towards our internal SIP/voice GW:external SIP 208.x.x <> ASA FW <> 66.x.x.x internal voice GW per my google, SIP is TCP/UDP port 5060 but i can see some had 5061.there...
Hi team.Please forgive me if this is not the correct list I should be sending this message to.
One of our strategic customers in Brazil is very interested in doing downlink MACSec towards the endpoint (switch-to-user)
The challenge is that they are a str...
I am trying to get AMP for ESA set up on our IronPort C170 appliance running ASyncOS 11.0.3. I believe I have my settings correct, however, files that have a verdict of unknown are not being uploaded for analysis. Perhaps I'm missing something? I have mad...
I am running an ISE POC using only the ISE Context Visibility Wizard and this works fine. We are using all parts of the wizard including the psexec function to look at applications running on windows machines via Anyconnect in the backg...