Security: Simple ASA setup

A friend of mine has recently done some ASA lab work and found that he could not access the ESXi server located on the inside interface. His computer was on the outside interface. So I told him to use access-group myacl in interface outside and it should 100% work. He told me this did not work... …


Security: Physical interface redundancy

Suppose a physical cable from your PIX/ASA to a switchport in a VLAN fails, and you cannot afford downtime due to link failure. You can consider using interface redundancy. Firewall interface redundancy can include up to 8 physical interfaces. Physical interfaces that are members of a redundant link will have all their security parameters wiped …

Security: Zone based firewall rules

Intended traffic that will be allowed and inspected from the inside zone to the outside zone:

    class-map type inspect match-any fw-cmap
     match protocol ssh
     match protocol telnet
     match protocol http
     match protocol https
     match protocol ftp
     match protocol dns
     match protocol ntp
     match protocol smtp
     match protocol isakmp
     match protocol ipsec-msft

A class map can be used for …