The default config for a PIX is to let all traffic originating from the inside through to the outside. All inbound traffic is blocked unless there is an established connection (from the inside) or a conduit.

In order to better control my environment I would like to block all outbound traffic with some kind of access list. I'm hoping this way I can control what services my users have available. I would start by allowing http, https, ftp, nntp, telnet, smtp, and a few others that I know are used. I'm hoping this will help control the use of things like Napster and whatever new problem applications come along.

Questions:

1. Is this practical? Does the typical list of services become unmanageable? Are there performance issues doing this?
2. What other common protocols are typical and safe to allow?
3. Does someone have a sample configuration I could use as a template?

Thanks

Tom
[EMAIL PROTECTED]
