I am interested in restricting what services are allowed into our network through our PIX Firewall version 5.2(3). We do not currently have specific ACLs defined for this type of activity, and would like to set up ACLs based on groups or IP pools that we would establish internally.

Basically, we are interested in having a specific group (i.e. everyone) or all IPs that fall within a given range 10.1.x.x be allowed to access a specific set of ports or services (80/http, 25/SMTP, etc.). Then we would like to have a second specific group (i.e. engineering) or all IPs that fall within the given range of 10.2.x.x be allowed an additional set of ports or services above and beyond the "everyone" group allowed (i.e. 5010/Yahoo Messenger, 1433/Microsoft SQL Server).

My questions are:

1. Is this possible or even allowed on the PIX?
2. How should my groups be set up, by individual IP or grouped by IP range?
3. Can I see an example of how my ACLs should be configured?

I've heard what I'm trying to do referred to as IP Fencing from a LAN perspective, where specific resources are allowed access to specific resources within the LAN environment, and I'm wondering if that same concept would apply from a firewalling perspective.

Thanks in advance for your assistance and response.

Stacy

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
