
	Home > Ask the Networking Experts > Enterprise security Questions & Answers > Configuring router ACLs and firewall policy

Ask The Networking Expert: Questions & Answers

EMAIL THIS

Configuring router ACLs and firewall policy

EXPERT RESPONSE FROM: Retired Expert - Luis _Medina

		Pose a Question

		Other Networking Categories

		Meet all Networking Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 05 May 2003
Unlike most Web servers, I need mine open to a select set of single and range IP addresses, on port 80 only. When these addresses are entered into the firewall and the IIS 5.0 IP address and domain name restrictions (where all ip's are DENIED ACCESS except those listed) then my users are not able to get to the Web site. However if the Web site is open to all traffic all ports at the firewall, and restricted at the IIS server in the same manner as above, then they are able to get to the Web site. Any thoughts as to why this could be happening?

The only conclusion that I can come to is that some sort of verification is taking place between my server and the requesting IP that is occurring on something other than port 80. Does this make sense?

First, if your Web servers are accessed by a "set of single and range IP addresses" only - then consider changing the default port of 80 to a unique port (see http://www.iana.org/assignments/port-numbers) at a minimum. Second, properly configure your router ACLs and firewall policy to only allow (above) IP's through. Your Web servers should not be running FTP server, Telnet server, SMTP server, etc. Third, make sure that TCP/IP filtering is properly set on your Web servers. The culprit exists in an improper 1) firewall rule, 2) Web server IP filtering, or 3) static translation statement.

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Enterprise security
	How can I calculate perimeter firewall throughput?
	Where can I find a wire driver that unblocks recognized passwords?
	How do I find the application on my network that's dropping packets?
	Is there a way to trace my stolen laptop computer?
	Is WPA2 secure enough for a commercial business wireless network?
	Should organizations separate technical from administrative security?
	What network equipment is needed to secure a small business LAN?
	How to lock wireless routers
	Are you on a domain name system (DNS) blacklist database?
	Where can I find a sample security audit report? How can I run my own?

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Expert networking advice and tips for IT professionals

SEARCH

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2000 - 2009, TechTarget \| Read our Privacy Policy