The Cisco PIX default configuration (e.g. out of the box) is that 'inside' networks (those with higher security level values) are allowed to connect out to any TCP ports on hosts on 'outside' networks (those with the lower security levels).
So, if you are using a fairly standard configuration with close to the default (built-in) policy you shouldn't have to do anything at all to get the behaviour you want (users should be able to connect out to webservers running on any port).

You can (of course) modify this so that you can allow hosts outside to connect to ports on machines inside (e.g. open holes) as well as to restrict the hosts and ports to which your inside users/hosts can connect/send on the 'outside' if you wish.

Some organizations choose to restrict and control web browsing so that all HTTP connections going out have to go through a proxy which logs and potentially checks them against a proscribed list of websites. This can also be done with a PIX but requires additional h/w (proxy server) and s/w (3rd party pkg and subscription to website blacklist supplier).

- H. Morrow Long

BY wrote:
> Current issue:-
> Any remote web sites that are not using HTTP PORT 80, my users behind
> the firewall are unable to access those sites because they are using
> other ports like 8001 or 2048, etc.
>
> In a few weeks' time, we are keen to replace the current Firewall
> Checkpoint 4.1 with PIX Firewall 501 I think.
>
> For those who are already using PIX firewall, would you be kind enough to tell
> me any hints to overcome this http port issues?
>
> Thanks very much in advance.
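
Added example, not part of the original message: a PIX configuration fragment contrasting the default outbound behaviour described in the reply with a restricted policy that forces web traffic through a proxy. It assumes PIX OS 6.x syntax; the addresses and the ACL name inside_out are constructed for illustration, and lines beginning with a colon are comments.

```text
: --- Default policy: no ACL on the inside interface ---
: inside has the higher security level (100), outside the lower (0)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
: Translate every inside host to the outside interface address (PAT)
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
: Result: inside hosts may open TCP connections to any outside port
: (80, 8001, 2048, ...) with no further configuration.

: --- Restricted policy: only the proxy may connect out ---
: 192.168.1.10 is the proxy server (constructed address)
access-list inside_out permit tcp host 192.168.1.10 any
access-list inside_out permit udp host 192.168.1.10 any eq domain
: Explicit deny so blocked attempts show up in the ACL hit counters
access-list inside_out deny ip any any
: Binding an ACL to the inside interface replaces the default allow-all outbound rule
access-group inside_out in interface inside
```

With the restricted policy in place, `show access-list inside_out` reports hit counts per entry, which shows whether clients are still trying to bypass the proxy.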
