The default config for a PIX is to let all traffic originating from the
inside through to the outside. All inbound traffic is blocked unless there
is an established connection (from the inside) or a conduit. In order to
better control my environment I would like to block all outbound traffic
with some kind of access list. I'm hoping this way I can control what
services my users have available. I would start by allowing
http, https, ftp, nntp, telnet, smtp, and a few others that I know are used.
I'm hoping this will help control the use of things like Napster and
whatever new problem applications come along.

Questions:
1. Is this practical? Does the typical list of services become
unmanageable? Are there performance issues doing this?

2. What other common protocols are typical and safe to allow?

3. Does someone have a sample configuration I could use as a template?

Thanks
Tom
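
As an added illustration, not part of the original post or of any reply: a PIX configuration fragment for the outbound allow-list described above, written in access-list/access-group syntax. The list name acl_out is a hypothetical name, the ports are only the services the post names, and the fragment assumes a PIX software release that supports the access-list command.

```text
: Added example; acl_out is a hypothetical list name.
: Permit only the services named in the post, from any inside host
: to any outside host.
access-list acl_out permit tcp any any eq www
access-list acl_out permit tcp any any eq 443
access-list acl_out permit tcp any any eq ftp
access-list acl_out permit tcp any any eq nntp
access-list acl_out permit tcp any any eq telnet
access-list acl_out permit tcp any any eq smtp
: Every access list ends with an implicit deny, so once the list is
: bound, anything not permitted above is dropped.
: Bind the list to traffic entering the inside interface, which is
: the outbound direction for users.
access-group acl_out in interface inside
```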
