Security: Simple ASA setup

A friend of mine recently did an ASA lab and found that he could not access the ESXi server located on the inside interface. His computer was on the outside interface. So I told him to use access-group myacl in interface outside and it should 100% work. He told me this did not work... … Continue reading Security: Simple ASA setup

ASA5505: Start from the easiest

Requirement: existing connections are present, and you have recently been tasked with adding rules to the firewall. A new server has been added to provide FTP and HTTP service, and a new workstation has been added that is tasked with retrieving data from the new server only. The new server is placed at security level 70, whereas the workstation is at 100. … Continue reading ASA5505: Start from the easiest
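The two posts above describe opposite directions through the same kind of box: the first needs a flow from a lower security level (outside) into a higher one (inside), which the ASA blocks by default; the second needs a flow from a higher level (100) to a lower one (70), which the ASA permits by default and which must therefore be narrowed explicitly. The configuration below is an added example, not from either post, written in ASA 8.3+ syntax; interface names, addresses, the ESXi ports (443 and 902) and the host addresses are assumptions. The resolution of the first post is cut off in the excerpt, so the outside-in rule here simply shows the two pieces such a flow depends on (an inbound ACL and a NAT entry), not what that post concluded.

```cisco
! Interface roles for this example (names, addresses and levels assumed)
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif dmz
 security-level 70
 ip address 10.0.70.1 255.255.255.0
!
! --- Post 1: outside workstation (203.0.113.100) -> ESXi on inside (10.0.0.50) ---
! Lower-to-higher traffic is denied unless an ACL on the ingress interface
! permits it AND the host is reachable through NAT. On 8.3+ the ACL matches
! the REAL (untranslated) inside address, not the mapped one.
object network esxi-real
 host 10.0.0.50
 nat (inside,outside) static 203.0.113.50
!
access-list outside_in extended permit tcp host 203.0.113.100 host 10.0.0.50 eq 443
access-list outside_in extended permit tcp host 203.0.113.100 host 10.0.0.50 eq 902
access-group outside_in in interface outside
!
! --- Post 2: workstation (inside, level 100) may reach only the new server (dmz, 70) ---
! Higher-to-lower is allowed by default, but the moment an ACL is bound to the
! interface that default is replaced by an implicit deny. So the list must
! permit exactly what the workstation needs, deny the rest for that host,
! and re-permit the other inside hosts that relied on the default behaviour.
access-list inside_in extended permit tcp host 10.0.0.20 host 10.0.70.10 eq ftp
access-list inside_in extended permit tcp host 10.0.0.20 host 10.0.70.10 eq www
access-list inside_in extended deny ip host 10.0.0.20 any
access-list inside_in extended permit ip 10.0.0.0 255.255.255.0 any
access-group inside_in in interface inside
!
! FTP inspection is what opens the data channel; a permit on port 21 alone
! is not enough for active-mode transfers. It is on by default in the
! default global policy and is shown here explicitly.
policy-map global_policy
 class inspection_default
  inspect ftp
!
service-policy global_policy global
```

To check a flow without a client on the far side, run packet-tracer from the ingress interface with the address as it arrives on the wire, for example `packet-tracer input outside tcp 203.0.113.100 12345 203.0.113.50 443`; the output names the phase (ACCESS-LIST, NAT, ROUTE-LOOKUP) that drops the packet, which is usually faster than guessing whether the ACL or the missing NAT is the problem. On pre-8.3 code the inbound ACL must reference the mapped address (203.0.113.50) instead of the real one.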

Security: Physical interface redundancy

Suppose the physical cable from your PIX/ASA to a switch port in a VLAN fails and you cannot afford downtime due to a link failure. You can consider using interface redundancy. A firewall redundant interface pairs two physical interfaces (one active, one standby), and up to 8 such redundant interfaces can be configured. Physical interfaces that are members of a redundant link will have all their security parameters wiped … Continue reading Security: Physical interface redundancy
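The following is an added example of the configuration the post introduces, not code from the post itself; the physical port names and the address on the inside interface are assumptions. It shows the ordering that matters in practice: the member ports carry no nameif, security-level or IP of their own (that is what gets "wiped"), and all of those settings move to the logical redundant interface. Note that this feature is not available on the ASA 5505, whose ports are switch ports behind VLAN interfaces; it applies to the appliances with routed physical interfaces.

```cisco
! Member ports must be bare: no nameif, no security level, no address.
! Anything configured here is cleared when the port joins the pair.
interface GigabitEthernet0/1
 no nameif
 no ip address
 no shutdown
!
interface GigabitEthernet0/2
 no nameif
 no ip address
 no shutdown
!
! The logical interface carries every security parameter. The first
! member-interface added becomes the active link and donates its MAC
! address; the second stays standby until the active link goes down.
! Both members must be the same physical type (same speed/media).
interface redundant 1
 member-interface GigabitEthernet0/1
 member-interface GigabitEthernet0/2
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
 no shutdown
```

Verify which member is carrying traffic with `show interface redundant 1 detail`; to force a switch during maintenance on the active cable, use `redundant-interface redundant 1 active-member GigabitEthernet0/2`. Because the redundant interface keeps one MAC and one IP, the upstream switch sees a link move rather than a new host, so ARP and CAM entries age out normally and no ACL or NAT entry has to change on failover.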

Security: Zone based firewall rules

Intended traffic that will be allowed and be inspected from inside to outside zone:

class-map type inspect match-any fw-cmap
 match protocol ssh
 match protocol telnet
 match protocol http
 match protocol https
 match protocol ftp
 match protocol dns
 match protocol ntp
 match protocol smtp
 match protocol isakmp
 match protocol ipsec-msft

Class map can be used for … Continue reading Security: Zone based firewall rules
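The class map above does nothing on its own; it only becomes a firewall rule once a policy map acts on it and that policy is bound to a zone pair. The configuration below is an added example completing that chain, not code from the post; the zone names, interface names and the `fw-pmap` policy name are assumptions. The class-map block is the post's own, repeated so the example runs stand-alone.

```cisco
! Zones and interface membership (names assumed)
zone security inside
zone security outside
!
interface GigabitEthernet0/0
 description LAN
 zone-member security inside
!
interface GigabitEthernet0/1
 description WAN
 zone-member security outside
!
! The post's class map: traffic that will be inspected inside -> outside
class-map type inspect match-any fw-cmap
 match protocol ssh
 match protocol telnet
 match protocol http
 match protocol https
 match protocol ftp
 match protocol dns
 match protocol ntp
 match protocol smtp
 match protocol isakmp
 match protocol ipsec-msft
!
! Policy: stateful inspection for what matched, drop and log everything else.
! class-default is where the unlisted protocols land; leaving it at its
! implicit drop without "log" makes troubleshooting much harder.
policy-map type inspect fw-pmap
 class type inspect fw-cmap
  inspect
 class class-default
  drop log
!
! Bind the policy to one direction only. With no outside -> inside zone
! pair defined, unsolicited inbound traffic between the zones is dropped,
! and only return traffic for sessions opened by inspection is let back in.
zone-pair security in-to-out source inside destination outside
 service-policy type inspect fw-pmap
```

Two things to check after applying it: `show policy-map type inspect zone-pair in-to-out sessions` should list the inspected flows as clients use them, and management traffic to the router itself from the inside still works, because traffic to and from the router's own self zone is not governed by this zone pair and is allowed by default until a policy involving the self zone is added. Anything a user relies on that is not in the class map (for example a database port) will show up as drops in the log and needs its own match line or its own class before users notice.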