Due to a company policy I have to use an SSA 150 as a central routing/switching system with NAT & basic firewall.
I have created static & dynamic NAT rules and all works fine .. now I have to secure the server VLAN with an ACL.
I'm not so familiar with ACLs and perhaps you can help me with an example:
Internal Network : 5 VLANS with 172.16.X.0 /24
Public Network : 195.37.81 /24 (Example )
VLAN 30 for the Server : 172.16.199.0/24
I need an ACL for VLAN 30 which contains the following:
- Rule 1 : everybody from the internal network can access everything in VLAN 30
Permit ip 172.16.0.0 0.0.255.255 any ( correct ? )
- Rule 3 : all other public IPs can access VLAN 30 (static NAT rules)
Permit ip 18.104.22.168 0.255.255.255 any
- Rule 3 : everyone from the outside world can access the webserver on port 80 on host 172.16.99.150
- Rule 4 : only host 22.214.171.124 (example) can access port 3389 on host 172.16.99.150
Of course I need a bunch of rules like 3 or 4 .. but with one example from you .. I could complete this ...
Many thanks for the help
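The following is an added example, not part of the original post and not SSA 150 configuration: a small Python evaluator that applies wildcard-mask matching and first-match ordering to the rules described above, so a rule set can be checked against sample packets before it is applied. The first two ACL lines are the ones quoted in the post; the last two are an assumed Cisco-style spelling of the port rules (`host`, `eq`), and the test source addresses are constructed.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tokens.pop(0)), 0
    return _ip(first), _ip(tokens.pop(0))

def parse_rule(line):
    """Parse 'action proto SRC DST [eq PORT]' (assumed Cisco-style syntax)."""
    tokens = line.lower().split()
    action, proto = tokens.pop(0), tokens.pop(0)
    src, dst = _take_addr(tokens), _take_addr(tokens)
    port = int(tokens[1]) if tokens and tokens[0] == "eq" else None
    return action, proto, src, dst, port

def _addr_match(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # a wildcard bit of 1 means "ignore this bit"
    return (_ip(addr) & care) == (base & care)

def evaluate(rules, proto, src, dst, dport=None):
    """Return the action of the first matching rule, else the implicit deny."""
    for line in rules:
        action, r_proto, r_src, r_dst, r_port = parse_rule(line)
        if r_proto not in ("ip", proto):
            continue
        if r_port is not None and r_port != dport:
            continue
        if _addr_match(src, r_src) and _addr_match(dst, r_dst):
            return action
    return "deny"

# Lines 1-2 as quoted in the post; lines 3-4 are assumed syntax for rules 3 and 4.
ACL = [
    "permit ip 172.16.0.0 0.0.255.255 any",
    "permit ip 18.104.22.168 0.255.255.255 any",
    "permit tcp any host 172.16.99.150 eq 80",
    "permit tcp host 22.214.171.124 host 172.16.99.150 eq 3389",
]

if __name__ == "__main__":
    # Constructed probe: an arbitrary outside host trying RDP on the server.
    print(evaluate(ACL, "tcp", "203.0.113.9", "172.16.99.150", 3389))
```

Because the first match wins, a source covered by one of the two broad `permit ip` lines reaches port 3389 before the host-specific line is consulted; every other source falls through to the implicit deny.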