Juan Concepcion Network Engineer/Security Consultant CCSA/CCSE E-Mail:
[email protected]
First, you only need the first rule. Secondly, you'd have to add a rule in the Address Translation tab to allow your illegal internal network addresses to go out behind your firewall's external routable IP.
Security Policy Tab:
Source  | Destination | Service | Action | Track
Network | Any         | http    | accept | long
Address Translation Tab:
Source  | Destination | Service | Source         | Destination | Service
Network | Any         | Any     | Firewall(hide) | original    | original
Juan Concepcion Network Engineer/Security Consultant CCSA/CCSE E-Mail:
[email protected]
Is it necessary within the rule base to provide for a connection going both ways? In other words, if I need http access for the entire network, is it required to do the following two rules:
Rule X: Network | Any     | Http | Accept
Rule Y: Any     | Network | Http | Accept
Wouldn't just having the first one allow Http to work both ways, requests going out and requested data and acks coming in?
Thanks,
Ryan
Realivasquez
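The point made in the reply, as an added example that is not part of the original thread and is not Check Point code: a simplified model of a firewall that tracks connection state and applies hide NAT, showing why Rule X alone lets replies back in. The addresses, ports and the `Firewall` class are constructed for illustration.

```python
# Toy model of stateful inspection with hide NAT (constructed example).
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.1.1.0/24")  # constructed non-routable internal network
FW_EXTERNAL = "192.0.2.1"             # constructed external routable IP of the firewall


class Firewall:
    def __init__(self):
        # (fw_ip, nat_port, server_ip, server_port) -> (client_ip, client_port)
        self.conns = {}
        self.next_port = 10000

    def outbound(self, src, sport, dst, dport):
        """Rule X: Network -> Any, http, accept; then hide NAT behind the firewall."""
        if ip_address(src) not in INTERNAL or dport != 80:
            return None  # no rule matches: dropped
        nat_port = self.next_port
        self.next_port += 1
        # Record the connection so that its replies can be recognised later.
        self.conns[(FW_EXTERNAL, nat_port, dst, dport)] = (src, sport)
        return (FW_EXTERNAL, nat_port, dst, dport)

    def inbound(self, src, sport, dst, dport):
        """Accept an inbound packet only as a reply to a recorded connection."""
        client = self.conns.get((dst, dport, src, sport))
        if client is None:
            return None  # unsolicited, and there is no Rule Y: dropped
        return (src, sport, client[0], client[1])  # translate back to the client


if __name__ == "__main__":
    fw = Firewall()
    print(fw.outbound("10.1.1.5", 40000, "198.51.100.7", 80))  # leaves as 192.0.2.1
    print(fw.inbound("198.51.100.7", 80, "192.0.2.1", 10000))  # reply is accepted
    print(fw.inbound("203.0.113.9", 80, "192.0.2.1", 10000))   # other host is dropped
```

Rule Y would additionally accept new http connections started from outside toward the network, which the question does not ask for.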