object-group service PORTS_ALLOWED_OUT
 service-object tcp destination eq www
 service-object tcp destination eq https
 service-object tcp destination eq ssh
 ! check this entry (DNS, udp/53)
 service-object udp destination eq domain
 service-object tcp destination eq ftp-data
 service-object tcp destination eq ftp
 service-object tcp destination eq telnet
 service-object tcp destination eq smtp
 ! 123 is the NTP port number (NTP itself runs over UDP), 873 is rsync, 993 is IMAPS
 service-object tcp destination eq 123
 service-object tcp destination eq rtsp
 service-object tcp destination eq 873
 service-object tcp destination eq 993
access-list INSIDE_OUT remark *** Allow ping ***
access-list INSIDE_OUT extended permit icmp any any
access-list INSIDE_OUT remark *** Allow standard ports out ***
access-list INSIDE_OUT extended permit object-group PORTS_ALLOWED_OUT any any
access-list INSIDE_OUT extended deny ip any any log
88 - Kerberos
445 - Microsoft DS
137 - NetBIOS