Firewall Ports

I have no problems connecting to e-mail, Safari or any other wifi app on my work network. The problem is I cannot connect to YouTube, itunes store, or the app store on my work network. All apps and features work at home or on random wifi in the area. I would like to know what ports should be open on my firewall to allow the three non connectable apps.

ports can be set for inbound or outbound depending on any ACLs that may be in place. (you may need both in some circumstances)
generally speaking, on a firewall, to open a port means to open it for inbound traffic. (public users allowed access to your private network via that port)
if you have software inside your company that uses port 445 and it needs to talk to a device outside the firewall, be sure the firewall has outbound access for that port. (may require inbound as well if the external device needs to talk to port 445 back into your network)
if you have software outside your company that uses port 445 and it needs to talk to a device inside the firewall, be sure the firewall has inbound access for that port. (may require outbound as well if the internal device needs to talk to port 445 back out of your network)

Similar Messages

  • DNS for internal network and Firewall ports?

    Hello,
    I don't know were to begin, so I guess I'll start with my setup.
    I have Mac OS X server 10.5.7 running DNS, Firewall, Mail, iChat, RADIUS, VPN, SMB. Behind an Airport Base Station in DMZ.
    My DSN setup is just for the server and local clients. I'm also setup to forward my ISP DNS.
    My question is do I need to open any ports in the firewall. I currently have my local subnet 172.16.4.x to allow all. The "Any" subnet to allow DNS outbound. Is this correct or am I creating a security risk?
    I dont want the public to be able to use my DNS server. (I would like to ONLY allow my local network, and VPN users.)
    Thanks!
    Message was edited by: Robert LaRocca

    I always recommend going with a hardware device (including the base station) over IPFW when running a server.
    The main reason is that when you're running behind a NAT device (such as the AirPort Base Station), ALL incoming traffic is blocked unless you specifically enabled it via port forwarding. A positive security model.
    In contrast, Mac OS X Server will open firewall ports based on the services you're running, without regard to whether that service should be publicly accessible or not.
    You then have to go through the motions of securing each service to either block external traffic at the service level (e.g. by telling the application what addresses it can listen to), or at the network level (by configuring the firewall to block external access). This is a bad security model since each service is public by default and you have to go out of your way to secure it.
    Also bear in mind that you might not think this is a problem today since you can just configure IPFW and be done, but what about next week? or next month? or next year when you add another service. Will you remember to reconfigure the firewall to secure it then?

  • ATV not shown in devices list and firewall port 3689

    Having a nightmare with ATV. I have searched and found some help for some of the ATV problems I have had in other threads but seems that a couple of issues remain unsolved for most people.
    I have just purchased an ATV updated it to latest software; at first had the Samsung TV HDMI problem which can be solved by telling the TV that the connection is a PC (seems to alter settings for that HDMI port on Samsung TVs).
    All was well for 30 mins (kids got stuck in and started watching a film that was on my itunes library) then ATV lost connection to itunes media (still had network and internet for movie trailers). Tried various things reset ATV and quit itunes etc and got the firewall port 3689 error message in itunes.
    Tried a variety of stuff to fix the 3689 issue including: fixing permissions on imac HD; re-installing itunes, adding port forwarding to my BT homehub, telling itunes to share my library, adding firewall rule in OSX for itunes. Then reset and tried again, this time it worked for several hours started to sync etc. Then paused ATV in middle of film and imac went into sleep mode....after this ATV stopped seeing itunes media and imac went into circle of death.
    Since reboot of imac and reset of ATV nothing works; can't see ATV in itunes at all, tried all the normal reboot type stuff.
    Starting to get frustrated ATV seems flakey expected this to be normal apple experience but so far I feel like I do at work in Microsoft **** where nothing makes sense and I'm rebooting all the time ...any ideas ...BT homehub is suspect but seems odd that it worked for hours then stopped !!

    OK - rebooted BThomehub and forced ATV off network and back on and now itunes can see ATV and is syncing again.
    The common failure on both previous occasions was pausing a film for few minutes and imac going into sleep mode on second time.
    Anyone seen this before ... ?

  • Apple TV Not Syncing - Error Suggesting Firewall Port 3869 Issue

    I am suddenly having issues syncing my PC iTunes library with my Apple TV. iTunes is giving a message stating that the Apple TV is not responding and that I should confirm that my firewall port 3869 is open. I turned off the firewall for a few moments to see if the issue would be resolved and it is not.
    iTunes can see the Apple TV, can see what media is installed on the device but cannot sync to it. Any suggestions??

    A few people have reported that deleting the iTunes application and re-installing it can resolve this problem. Also make sure you have the latest version of Bonjour installed on your PC.

  • What are policy firewall port should be permit between meetingplace web external and internal

    I deploy MeetingPlace Web Conferencing with SMA.
    1. What are policy firewall port should be permit between meetingplace web external and internal (web external on DMZ zone and web internal on internal zone)?
    2. Synchronized Globally Unique Identifiers (GUIDs) between internal and external Web Servers used firewall port?

    Hi,
    List of Firewall pots to be opened are mentioned in following document, you can refer your deployment type and open ports as mentioned.
    http://docwiki.cisco.com/wiki/Cisco_Unified_MeetingPlace_Release_8.5_--_System_Requirements_for_Audio-Only_Deployments
    http://docwiki.cisco.com/wiki/Cisco_Unified_MeetingPlace_Release_8.5_--_System_Requirements_for_WebEx-Scheduling_Deployments
    http://docwiki.cisco.com/wiki/Cisco_Unified_MeetingPlace_Release_8.5_--_System_Requirements_for_MeetingPlace-Scheduling_Deployments
    Regards
    Ronak patel

  • Firewall Ports for Web Services

    Hi Experts,
    Can you please list what are the firewall ports to be opened to call a ECC 6.0 system web service from a .Net application, assuming both systems are separated by a firewall
    Thanks in advance
    Regards,
    Krishna

    Hello ,
    Please as far as i know you have to open 4 ports in the ecc system.
    They are
    Message server port =  36<instance number>
    ITS = 80<Instance number>
    Gateway = 33<instance number> -- make sure service entries are maintained (sapgw)
    If you maintain Central SLD - then the specific port needs to be opened. - 5(instance number)00.
    I hope these ports needs to be opened and this is enough,  I believe.
    Vijay.

  • Firewall Port Site Definition Globally Changing

    We are using Dreamwaver MX 2004 Educational Edition.
    We have several Managed Sites configured for secure FTP on
    firewall port 21. We have added a new site but it uses port 1021.
    When we configured that site we were able to connect with no
    probelm. The issue is we discoverd that for our existing defined
    Manage Sites the firewall port automatically changed to 1021. When
    we reset the port back to 21, all the other defined Managed sites
    changed to port 21, inculding the ones defned for port 1021. We
    tested this out on two different machines and the results were the
    same.
    Is this that way it is, or a know issue, a "feature"?
    Thanks for any information.

    Hello Preston Holder. Welcome to the Apple Discussions!
    As you are already aware RDC clients listen on port 3389 by default.
    To change the listening port will require making a Registry mod. This would be typically used if you needed to access more than one computer remotely. (ref: Microsoft Knowledge Base article 306759)
    Locate the appropriate Registry key using Regedit.exe:
    HKEYLOCALMACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\Port Number
    From the Edit menu, click Modify and then click Decimal. Choose a new port number. In general, choosing a number between 49152 and 65535 will avoid conflict with any other apps on your system, but you could theoretically use any port on the system. Once you set the port number you also need to configure your router to pass the specified port to your computer.
    To access your computer remotely, instead of typing just the IP address, you need to type the IP address followed by the port number like this: 192.168.1.1:50001

  • Firewall ports for B2B ( Telepresence with CUBE)

    Could any body let me know what firewall port need to be open for B2B set up telepresence with CUBE on SIP trunk.
    Please suggest
    Regards
    Gautrav

    Hi Harold,
    Please check the link for all SAP port related information
    http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/4e515a43-0e01-0010-2da1-9bcc452c280b?QuickLink=index&…
    Thanks and regards,
    Nikhil

  • Firewall ports for Zone Sharing and Subscription?

    Hi again!
    What firewall ports need to be open for Zone Sharing and Subscription?...

    Hello,
    we updated from 11.3.1 to 11.3.2
    Now i can not run the command chkconfig -a novell-proxydhcp to set the proxydhcp to autorun because i get...

  • Firewall Port for DHCP 2012 R2 Failover (Load Sharing mode)

    Hi Everyone,
    I was wondering if anyone can help me with finding a document for required Firewall Ports for DHCP 2012 R2 Failover (Load Sharing mode)
    or just confirm if this is correct or not ?
    TCP 647 for
    DHCP failover messages between DHCP servers
    TCP/UDP 67 and 68 initiate communication between the client and server
    I am not sure if there is anything else
    thanks in advance
    Reza Negarestani

    it was for a technical design document and I put this table for Firewall requirements what do you think ?
    Direction
    Port(s)
    Bidirectional
    TCP 647
    Bidirectional
    TCP 2535
    UDP 2535
    Bidirectional
    TCP 67
    TCP 68
    UDP 67
    UDP 68
    Reza Negarestani

  • Adobe Flash Update Firewall Port

    I have a windows 7 computer with the firewall set to block both inbound and outbound traffic.  What program and firewall port(s) do I need to allow outbound traffic for the Flash auto update to work?

    when you download something from the Internet something can go wrong with the data
    so likely the install packet for flash is corrupt because of something along those lines
    to offer a faster Internet service your ISP (internet service provider) keep a cache or local copy of downloaded data so should another user
    request the same data all the 1's and 0's need not travel across the internet once more which take more time
    the problem is that the cache has no idea that the data got corrupted so until the ISP's cache is cleared over time you may get the same corrupted data should you try to redownload the data
    otherwise there is something wrong with adobes site

  • Apple TV not responding, check firewall port 3689

    Hi,
    I have this problem: "Apple TV not responding" with my PC wired to the router (Thomson Speedtouch 780i WL). I have read all the topics on this issue and tried everything: no success! With my XP laptop I can make a wireless connection and everything works fine. But not with the PC where I have all my music and photo archives on.
    Now I have a clean installed Vista and the problem remains the same. How is this possible?
    - the firewall port 3689 is open
    - i have rebooted everyting
    - i have made a new connection with the apple tv
    - apple tv software is updated
    I want to get this thing working. Could you please help me?
    Thanks, Sliek.

    The problem is not with the router nor the firewall. And with you having the issue on a PC and I having it on a Mac, this rules out the OS. That leaves a networking problem in either iTunes or the AppleTV. Or most likely a dropped packet of information between the two.
    Using NetBarrier I have watched the interaction between my Mac and the AppleTV. The sync occurs in three separate phases. The first phase initiates communications via port 3689 and a few high order ports (49xxx - 6xxxx). After this is finished about a dozen ports are opened by the AppleTV (all high order) for a couple of minutes. When these ports close and after a substantial wait, the AppleTV opens a whole s**t-load of ports (well over 200) and the actual sync occurs. It is this third phase that fails when I fail the sync. Or iTunes gets stuck waiting for a response from the AppleTV. I think that the AppleTV is dropping the ball and failing to respond properly.

  • Cisco Clean Access Update Website and Firewall Port Required

    Hi,
    I was wondering if anyone may know the website the clean access manager would be using to upate as well as the firewall port required. This is due to a firewall in place. Based on some reading, not sure if it uses other website besides the following http://www.perfigo.com/clean_machine_1/version-se.txt on port 80.
    Thanks.

    Hi,
    For CAM checks and rules update, that's the only site required.
    HTH,
    Faisal
    If you find this post helpful, please rate so others can find the answer easily

  • Terminal Services licensing firewall ports

    I have been searching the internet for an informative network\firewall drawing for the Terminal Services Licensing traffic when it comes to firewall ports requirements etc 
    Does someone have a detailed description or a (visio) drawing showing the ports required for WTS Licensing?
    We have the following Citrix based Terminal Server environment:
    - Windows 2008 R2 running XenApp6
    - Clients come from internal (LAN) and external connections (Citrix Access Gateway)
    - There is a firewall between the Citrix XenApp WTS farm and the MS Terminal Services Licensing server (Win 2008 R2)
    Can someone explain how the TSCAL\RDCAL "traffic" flows and the ports required from A-Z ?
    /Tord Bergset

    I believe the correct random ports used for for Windows Server 2008 are 49152-65535, not 1024-65535
    I am looking for a visio or something showing this...
    For Citrix solutions one have no problem finding network drawing showing firewall ports etc, but fro MS WTS licensing I jsut cannot find anything showing ports required etc
    Lot of designd docs\drawings regarding RDP traffic etc, but not anything for the RDCAL\TSCAL licensing traffic
    Scenario below:
    Need all WTS Licensing ports listed for the solution to work for external and internal clients
    External clients   using 2 factor auth
    Firewall
    Citrix Web Interface
    Server
    Firewall
    Citrix Licensing server
    Firewall
    Citrix WTS
    Farm
    Internal Clients
    Citrix Secure Gatway
    MS Terminal server Licensing server
    /Tord Bergset

  • HT4245 Firewall ports & face time

    I worked with my provider to open the firewall ports in the article referred to me by tech support. I still can't connect face time or iMessage even though everything else connects. Now what?

    Hi guys,
    I read some of the other posts on iAd/face time issues, and one person recommended that you replace your DNS address with googles 8.8.8.8
    I ran this by Apple senior tech Kirk, who said this woukd work, however you. May have issues with certain sites/apps. He said that if you did that, activated face time and/or iMessage then returned to settings/wifi/DNS and erased it, yor IP would replace it with the correct one.
    I did just that, as well as returning my firewalls to their default settings...
    It works get!!
    How cool is that!? Kudos to ALL the community of support!

  • Open firewall Ports despite DENY- ALL access rule

    Hi,
    See below my firewall rules.
    Despite the deny all, runnning nmap from outside still reveals open ports.
    name 202.1.53.41 fw1.outside.irc.com
    interface GigabitEthernet0/0
     nameif inside
     security-level 0
     ip address fw1.inside.irc.com 255.255.252.0 standby 172.16.86.219
    interface GigabitEthernet0/1
     nameif SSN-DMZ
     security-level 0
     ip address 10.20.2.1 255.255.255.0 standby 10.20.2.2
    interface GigabitEthernet0/2
     nameif Outside
     security-level 0
     ip address fw1.outside.irc.com 255.255.255.248 standby NAT-202.1.53.45
    interface GigabitEthernet0/3
     description Internet Access for Wireless clients on the guest network
     nameif GuestInternet
     security-level 0
     ip address 192.168.154.2 255.255.254.0
    interface Management0/0
     nameif management
     security-level 10
     ip address 10.10.200.14 255.255.255.0 standby 10.10.200.15
    access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_2 any host WWW.IRC.COM-PRIV
    access-list inside_access_in remark Deny POP3, SSH, TELNET to Deny-Host-Group 172.16.86.246/249
    access-list inside_access_in extended deny object-group DENY-HOST-GROUP object-group DENY-HOST-GROUP-1 any
    access-list inside_access_in remark Allow SMTP external access to Mail Servers group
    access-list inside_access_in extended permit tcp object-group MAIL-GW-GROUP any eq smtp
    access-list inside_access_in remark Deny Any other Users from sending mails via smtp
    access-list inside_access_in extended deny tcp any any eq smtp
    access-list inside_access_in extended deny ip object-group Botnet_Blacklist any
    access-list inside_access_in extended deny ip any SPAM_MACHINE 255.255.255.0
    access-list inside_access_in extended deny ip any host SPAMIP
    access-list inside_access_in extended permit ip object-group Socialsites_Allowed object-group Facebook
    access-list inside_access_in extended deny object-group DM_INLINE_SERVICE_8 any object-group Facebook
    access-list inside_access_in remark Rule to block Internal users from accessing youtube
    access-list inside_access_in extended deny object-group DM_INLINE_SERVICE_9 any object-group YoutubeIPs
    access-list inside_access_in remark Suspected Virus Ports
    access-list inside_access_in extended deny tcp any any object-group DM_INLINE_TCP_17
    access-list inside_access_in remark Ports Commonly used by Botnet and Malwares
    access-list inside_access_in extended deny tcp any any object-group IRC
    access-list inside_access_in remark Allow Access to External DNS to ALL
    access-list inside_access_in extended permit object-group DNS-GROUP object-group DNS-SERVERS object-group External_DNS_Servers
    access-list inside_access_in remark Allow Any to Any on Custom TCP/UDP services
    access-list inside_access_in extended permit tcp any any object-group DM_INLINE_TCP_12
    access-list inside_access_in remark Allow Any to Any VPN Protocols group
    access-list inside_access_in extended permit object-group VPN-GROUP any any
    access-list inside_access_in extended permit ip any host pomttdbsvr
    access-list inside_access_in remark Allow Access to DMZ from Inside
    access-list inside_access_in extended permit tcp any any object-group DM_INLINE_TCP_10
    access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_5 any 10.20.2.0 255.255.255.0
    access-list inside_access_in extended permit tcp any any eq pop3
    access-list inside_access_in extended permit object-group Web-Access-Group any any
    access-list inside_access_in remark DNS RATING SERVICE FOR BLUECOAT SG510 PROXY
    access-list inside_access_in extended permit tcp object-group DM_INLINE_NETWORK_11 object-group DM_INLINE_NETWORK_4 eq www inactive
    access-list inside_access_in extended permit tcp any host 202.165.193.134 object-group DM_INLINE_TCP_3
    access-list inside_access_in remark Yahoo Messenger Test
    access-list inside_access_in extended permit tcp any any object-group YahooMessenger
    access-list inside_access_in extended permit ip host AVIRUSMAN 192.168.254.0 255.255.255.0
    access-list inside_access_in extended permit tcp any any object-group smile
    access-list inside_access_in extended permit udp any host smile.telinet.com.pg object-group smile-udp
    access-list inside_access_in remark testing access for mobile phones behind wireless router
    access-list inside_access_in extended permit ip host Wireless-Router any inactive
    access-list inside_access_in extended permit tcp any any object-group FTP-Service-Group inactive
    access-list inside_access_in extended permit ip host mailgate.irc.com any
    access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 object-group DM_INLINE_NETWORK_2 any object-group NTP
    access-list inside_access_in extended permit tcp any any object-group web-email-services
    access-list inside_access_in remark Murray PC
    access-list inside_access_in extended permit ip host 10.100.20.36 any
    access-list inside_access_in extended permit tcp any any object-group Itec-Citrix
    access-list inside_access_in extended permit ip host EP200 any
    access-list inside_access_in extended permit tcp any any object-group TCP-SMTP
    access-list inside_access_in extended permit tcp any host 202.165.193.134 eq 3391
    access-list inside_access_in extended permit ip object-group IT-Servers any
    access-list inside_access_in extended permit tcp any any object-group DM_INLINE_TCP_1
    access-list inside_access_in extended permit ip object-group DM_INLINE_NETWORK_14 any inactive
    access-list inside_access_in extended permit ip host 10.100.20.23 any
    access-list inside_access_in extended permit tcp host NOC-NMS-CDMA host 202.165.193.134 object-group DM_INLINE_TCP_4
    access-list inside_access_in extended permit tcp object-group DM_INLINE_NETWORK_12 object-group Bluecoat-DNS-Rating eq www
    access-list inside_access_in extended permit ip object-group DM_INLINE_NETWORK_13 any
    access-list inside_access_in extended permit udp host solarwinds-server any eq snmp
    access-list inside_access_in extended permit tcp host kaikai any object-group test-u inactive
    access-list inside_access_in extended permit tcp any host fw1.outside.irc.com object-group TCP-88
    access-list inside_access_in extended permit udp host solarwinds-server any object-group DM_INLINE_UDP_1
    access-list inside_access_in extended permit ip host IN-WEB-APP-SERVER any
    access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 host KMS-Server any object-group KMS
    access-list inside_access_in extended permit tcp any any object-group TeamVIewer-TCP
    access-list inside_access_in extended permit icmp any any traceroute
    access-list inside_access_in extended permit ip host KMS-Server any
    access-list inside_access_in extended deny ip any host 87.255.51.229
    access-list inside_access_in extended deny ip any host 82.165.47.44
    access-list inside_access_in extended permit ip host InterConnect-BillingBox any
    access-list inside_access_in extended permit icmp any host fw1.outside.irc.com
    access-list inside_access_in extended permit icmp any any
    access-list inside_access_in remark For ACCESS MPLS team
    access-list inside_access_in extended permit tcp any host 202.165.193.134 object-group RDP-MPLS-Huawei
    access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 host mailgate.irc.com any eq domain
    access-list inside_access_in extended permit tcp any host 66.147.244.58 object-group SMTP-26
    access-list inside_access_in extended deny object-group DM_INLINE_PROTOCOL_1 any any object-group Airfiji-SW
    access-list inside_access_in extended permit tcp host chief.bula.irc.com any
    access-list inside_access_in extended permit ip host Avabill86.181 any
    access-list inside_access_in extended permit ip any object-group AVG
    access-list inside_access_in extended permit ip host solarwinds-server any
    access-list inside_access_in extended permit tcp host 172.16.87.219 any object-group TCP-4948
    access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_10 any host Avabill_Consultant_IP_Sri-Lanka
    access-list inside_access_in extended permit tcp any host 69.164.201.123 eq smtp inactive
    access-list inside_access_in extended permit tcp any any object-group GMAIL inactive
    access-list inside_access_in extended permit tcp any any object-group NOC1
    access-list inside_access_in extended permit ip host solarwinds-server 10.10.200.0 255.255.255.0
    access-list inside_access_in extended permit tcp any host smile.telinet.com.fj object-group tcp-20080-30080
    access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any object-group SIP-5060-5062
    access-list inside_access_in extended permit ip host LYNC-2013-SERVER any
    access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_7 object-group Lync_Servers any
    access-list inside_access_in extended permit object-group VPN-GROUP host 10.100.20.94 any inactive
    access-list inside_access_in remark Pocket Solutions -TEMP
    access-list inside_access_in extended permit ip host 10.100.20.121 any
    access-list inside_access_in extended permit tcp host John_sibunakau any object-group JohnTESTPort inactive
    access-list inside_access_in extended permit ip host CiscoRadiusTestPC any
    access-list inside_access_in extended permit ip any host HungaryServer inactive
    access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com eq ssh
    access-list Outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any host fw1.outside.irc.com object-group itec-support-tcp-udp
    access-list Outside_access_in remark Allow All to NAT Address on SSL/SSH/SFTP(2222)
    access-list Outside_access_in extended permit tcp any host NAT-202.1.53.43 object-group DM_INLINE_TCP_9
    access-list Outside_access_in remark Allow All to Outside On Fujitsu and 777-7778 ports
    access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group DM_INLINE_TCP_8
    access-list Outside_access_in remark Allow all to Outside on Custom ports
    access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group DM_INLINE_TCP_7
    access-list Outside_access_in remark Allow Inbound HTTP to WWW.IRC.COM
    access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com eq www
    access-list Outside_access_in extended permit icmp any host fw1.outside.irc.com
    access-list Outside_access_in extended permit object-group TCPUDP any host fw1.outside.irc.com object-group BrouardsGroup
    access-list Outside_access_in remark Allow ALL to RealVNC ports
    access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group RealVNC-TCP5900
    access-list Outside_access_in remark Allow ALL access to 202.1.53.43 on RealVNC ports
    access-list Outside_access_in extended permit tcp any host NAT-202.1.53.43 object-group RealVNC-TCP5900
    access-list Outside_access_in remark Allow DNS queries from Internet to DNS server
    access-list Outside_access_in extended permit object-group TCPUDP object-group ITEC-Group-Inbound host fw1.outside.irc.com object-group itec-sftp
    access-list Outside_access_in extended permit tcp any host NAT-202.1.53.43 object-group DM_INLINE_TCP_14
    access-list Outside_access_in extended permit object-group DM_INLINE_SERVICE_1 host SkyTel host fw1.outside.irc.com
    access-list Outside_access_in remark Telinet/Inomial temp access to test machine M.Orshansky
    access-list Outside_access_in extended permit tcp host 203.92.29.151 host fw1.outside.irc.com eq 3390
    access-list Outside_access_in extended permit tcp any host NAT-202.58.130.43 object-group RDP
    access-list Outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 object-group ITEC-Group-Inbound host fw1.outside.telikompng.com.pg object-group INTEC-Service
    access-list Outside_access_in extended permit tcp host 220.233.157.98 host fw1.outside.irc.com eq ssh inactive
    access-list Outside_access_in extended permit ip any host fw1.outside.telikompng.com.pg
    access-list Outside_access_in extended permit tcp any host fw1.outside.telikompng.com.pg object-group CRM
    access-list Outside_access_in extended permit tcp any host fw1.outside.telikompng.com.pg object-group HTTP-8010-CRM
    access-list Outside_access_in extended permit tcp any host fw1.outside.telikompng.com.pg object-group HTTP-8005-CRM
    access-list Outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any object-group NTP
    access-list Outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any host fw1.outside.irc.com object-group DNS
    access-list Outside_access_in remark Ultra VNC connection to 172.16.84.34@nadi Exchange
    access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group UVNC
    access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group UVNC-HTTP
    access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group POP3-SSL
    access-list Outside_access_in extended permit object-group EMAIL-SMARTPHONES any host fw1.outside.irc.com
    access-list Outside_access_in extended permit tcp any host fw1.outside.telikompng.com.pg object-group exchange-RPC
    access-list Outside_access_in extended permit tcp any host NAT-202.1.53.43 object-group exchange-RPC
    access-list Outside_access_in extended permit icmp any host NAT-202.1.53.43
    access-list Outside_access_in remark Access to Solarwinds Management box
    access-list Outside_access_in extended permit tcp any host NAT-202.1.53.43 object-group Solarwinds
    access-list SSN-DMZ_access_in remark Permit DNS Quiries out of DMZ
    access-list SSN-DMZ_access_in extended permit object-group TCPUDP any any eq domain
    access-list SSN-DMZ_access_in remark Allow SQL ports out of DMZ to Host 172.16.86.70
    access-list SSN-DMZ_access_in extended permit tcp any host HOST-172.16.86.70 object-group SQL-Group
    access-list SSN-DMZ_access_in remark Allow Custom protocols out of DMZ to host 172.16.86.27
    access-list SSN-DMZ_access_in extended permit tcp any host HOST-172.16.86.27 object-group DM_INLINE_TCP_2
    access-list SSN-DMZ_access_in extended permit tcp host suva-vdc-int2.suva.irc.com host WWW.IRC.COM=PRIV eq 3389
    access-list SSN-DMZ_access_in extended permit object-group Web-Access-Group host WWW.IRC.COM-PRIV any
    access-list SSN-DMZ_access_in extended permit tcp any host WWW.IRC.COM.-PRIV object-group DMZ-WebAccess
    access-list SSN-DMZ_access_in extended permit ip host pomlynedsvr01_access any
    access-list SSN-DMZ_access_in extended permit ip host pomlynedsvr01_webcon any
    access-list SSN-DMZ_access_in extended permit ip host pomlynedsvr01_AV any
    access-list inside_nat0_outbound extended permit ip any 192.168.254.0 255.255.255.0
    access-list inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_6 host 10.10.200.1
    access-list inside_nat0_outbound extended permit ip any host WWW.IRC.COM-PRIV
    access-list inside_nat0_outbound extended permit ip host ns.irc.com any
    access-list inside_nat0_outbound extended permit ip any 10.200.200.0 255.255.255.0
    access-list Outside_nat0_outbound extended permit ip 192.168.254.0 255.255.255.0 any
    access-list Outside_nat0_outbound extended permit ip mcr_Management 255.255.255.0 any
    access-list alcatel-my remark Allow Alcatel-my access to TIRC(1)
    access-list alcatel-my standard permit 172.16.24.0 255.255.252.0
    access-list alcatel-my remark Allow Alcatel-my access to TIRC(2)
    access-list alcatel-my standard permit 172.16.84.0 255.255.252.0
    access-list 131 extended permit ip host MICHAEL any
    access-list management_access_in extended permit ip 10.10.200.0 255.255.255.0 mcr_Management 255.255.255.0
    access-list management_access_in extended permit ip host 10.10.200.1 object-group DM_INLINE_NETWORK_5
    access-list management_access_in extended permit object-group Web-Access-Group host 10.10.200.1 any
    access-list management_access_in extended permit ip host 10.10.200.1 host 172.16.87.47
    access-list management_access_in extended permit ip host 10.10.200.1 host IN-WSC
    access-list management_access_in extended permit ip host 10.10.200.1 object-group DM_INLINE_NETWORK_8
    access-list management_access_in extended permit tcp host 10.10.200.1 object-group DM_INLINE_NETWORK_3 eq 3389
    access-list management_access_in remark To BlueCaot Appliances
    access-list management_access_in extended permit ip host 10.10.200.1 object-group DM_INLINE_NETWORK_1
    access-list management_access_in extended permit ip host 10.10.200.1 object-group DM_INLINE_NETWORK_7
    access-list management_access_in extended permit tcp 10.10.200.0 255.255.255.0 object-group Management_Hosts object-group RDP
    access-list management_access_in extended permit icmp host 10.10.200.1 any traceroute
    access-list management_access_in extended permit ip host 10.10.200.1 host NOC-NMS-CDMA
    access-list management_access_in extended permit object-group DM_INLINE_SERVICE_3 host 10.10.200.1 any
    access-list management_access_in extended permit tcp host 10.10.200.1 any eq ftp
    access-list management_access_in extended permit tcp host bula host 10.10.200.1 object-group RDP inactive
    access-list management_access_in extended permit tcp host 10.100.20.23 host 10.10.200.1 object-group RDP
    access-list management_access_in extended permit ip host 10.10.200.1 any
    access-list management_access_in extended permit ip host solarwinds-server 10.10.200.0 255.255.255.0
    access-list management_access_in extended permit ip 10.10.200.0 255.255.255.0 host solarwinds-server
    access-list management_access_in extended permit ip any any
    access-list management_access_in extended permit ip host 10.10.200.1 host bula inactive
    access-list management_access_in extended permit ip any host solarwinds-server
    access-list management_access_in extended permit ip host solarwinds-server any
    access-list management_access_in extended permit ip object-group PacketFence-Servers 10.10.200.0 255.255.255.0
    access-list management_access_in extended permit ip 10.10.200.0 255.255.255.0 object-group PacketFence-Servers
    access-list management_access_in extended permit ip object-group 3750-Switches host solarwinds-server
    access-list management_access_in extended permit ip 10.10.200.0 255.255.255.0 host 10.10.200.1
    access-list management_access_in extended permit ip host 10.10.200.1 10.10.200.0 255.255.255.0
    access-list Outside_access_in_1 extended permit ip any any
    access-list management_access_in_1 extended permit ip mcr_Management 255.255.255.0 any
    access-list inside-networks remark internal tpng corporate subnetwork
    access-list inside-networks standard permit 172.16.84.0 255.255.252.0
    access-list inside-networks remark dms10
    access-list inside-networks standard permit host 10.10.0.0
    access-list 84-subnet remark 84 subnet
    access-list 84-subnet standard permit 172.16.84.0 255.255.252.0
    access-list 84-subnet remark 4 subnet
    access-list 84-subnet standard permit inside-network-extra-subnet 255.255.252.0
    access-list split-tunnel remark 84 subnet
    access-list split-tunnel standard permit 172.16.84.0 255.255.252.0
    access-list split-tunnel remark 4 subnet
    access-list split-tunnel standard permit inside-network-extra-subnet 255.255.252.0
    access-list split-tunnel remark Access to internal POP3 server
    access-list split-tunnel standard permit host neptune.waigani.telikompng.com.pg
    access-list split-tunnel remark Access to internal SMTP server
    access-list split-tunnel standard permit host minerva.suva.irc.com
    access-list split-tunnel remark Allow access to the 24 subnet
    access-list split-tunnel standard permit 172.16.24.0 255.255.252.0
    access-list split-tunnel standard permit Cisco-VLans 255.255.0.0
    access-list inside_authentication extended permit tcp any object-group DM_INLINE_TCP_11 any object-group DM_INLINE_TCP_13 time-range WorkingHours inactive
    access-list itsupport standard permit NOC 255.255.252.0
    access-list itsupport standard permit 172.16.96.0 255.255.252.0
    access-list itsupport standard permit 10.20.2.0 255.255.255.0
    access-list itsupport standard permit 10.10.200.0 255.255.255.0
    access-list itsupport standard permit 172.16.84.0 255.255.252.0
    access-list itsupport standard permit inside-network-extra-subnet 255.255.252.0
    access-list itsupport standard permit 10.2.1.0 255.255.255.0
    access-list itsupport standard permit 172.16.88.0 255.255.252.0
    access-list itsupport standard permit Cisco-VLans 255.255.0.0
    access-list itsupport remark Access to IT-LAN-UPGRADE Network
    access-list itsupport standard permit IT-NETWORK-NEW 255.255.0.0
    access-list itsupport remark KWU Exchange subnet
    access-list itsupport standard permit 172.16.188.0 255.255.252.0
    access-list itsupport standard permit ATM-Network 255.255.0.0
    access-list global_mpc extended permit ip any any
    access-list management_nat0_outbound extended permit ip any inside-network-extra-subnet 255.255.252.0 inactive
    access-list management_nat0_outbound extended permit ip mcr_Management 255.255.255.0 any
    access-list management_nat0_outbound extended permit ip any object-group DM_INLINE_NETWORK_9
    access-list management_nat0_outbound extended permit ip host 10.10.200.1 object-group Management_Hosts
    access-list management_nat0_outbound extended permit ip any 172.16.84.0 255.255.252.0
    access-list management_nat0_outbound extended permit ip any MCR_POM 255.255.255.0
    access-list management_nat0_outbound extended permit ip host 10.10.200.1 object-group DM_INLINE_NETWORK_10
    access-list management_nat0_outbound extended permit ip any Cisco-VLans 255.255.0.0
    access-list management_nat0_outbound extended permit ip 10.10.200.0 255.255.255.0 host solarwinds-server
    access-list management_nat0_outbound extended permit ip 10.10.200.0 255.255.255.0 object-group DM_INLINE_NETWORK_15
    access-list Capture extended permit ip any host 192.118.82.140
    access-list Capture extended permit ip host 192.118.82.140 any
    access-list Capture extended permit ip host 192.118.82.160 any
    access-list Capture extended permit ip any host 192.118.82.160
    a
    access-list inside-network-access-only remark Allow Maggie Talig access to the 84 subnet only
    access-list inside-network-access-only standard permit 172.16.84.0 255.255.252.0
    access-list inside-network-access-only remark Allow Maggie Talig access to the 4 subnet only
    access-list inside-network-access-only standard permit inside-network-extra-subnet 255.255.252.0
    access-list SSN-DMZ_nat0_outbound extended permit ip host WWW.IRC.COM-PRIV object-group Internal-Networks
    access-list inside_nat0_outbound_1 extended permit ip host AVIRUSMAN 192.168.254.0 255.255.255.0
    access-list NETFLOW extended permit tcp any any
    access-list NETFLOW extended permit object-group DNS-GROUP any host fw1.outside.irc.com
    access-list NETFLOW extended permit object-group DM_INLINE_SERVICE_6 any host fw1.outside.irc.com
    access-list NETFLOW extended permit udp any host fw1.outside.irc.com
    access-list NETFLOW extended permit tcp any host fw1.outside.irc.com eq smtp
    access-list NETFLOW extended permit tcp any host fw1.outside.irc.com object-group DM_INLINE_TCP_5
    access-list NETFLOW extended permit tcp any host fw1.outside.irc.com object-group TCP-8080
    access-list NETFLOW extended permit object-group DM_INLINE_SERVICE_4 any host NAT-202.58.130.43
    access-list NETFLOW remark Reverse Proxy Inbound Rules from Internet- Lync 2013 Project - Lync Simple URLs
    access-list NETFLOW extended permit tcp any host 202.58.130.69 object-group DM_INLINE_TCP_6
    access-list NETFLOW remark Lync Edge Access Inbound Rule - Restricting Inbound
    access-list NETFLOW extended permit object-group pomlynedsvr01_access_Outside_to_DMZ any host 202.58.130.66
    access-list NETFLOW remark Lync Edge Outside to Inside for AV Interface
    access-list NETFLOW extended permit object-group pomlynedsvr01_webcon_outside_to_DMZ any host 202.58.130.67
    access-list NETFLOW extended permit object-group pomlynedsvr01_AV_Outside_to_DMZ any host 202.58.130.68
    access-list NETFLOW extended permit object-group DM_INLINE_SERVICE_11 any host NAT-fijiircdata
    access-list NETFLOW extended deny ip host SPAMIP any
    access-list NETFLOW extended deny ip SPAM_MACHINE 255.255.255.0 any
    access-list NETFLOW extended deny ip host 220.233.157.99 any log debugging
    access-list Huawei-Access-Networks remark HUawei-Network-Elements
    access-list Huawei-Access-Networks standard permit 192.168.200.0 255.255.255.0
    access-list Huawei-Access-Networks remark Access to Ela Beach MPLS network
    access-list Huawei-Access-Networks standard permit 10.100.70.0 255.255.255.0
    access-list Huawei-Access-Networks remark Huawei Network elements
    access-list Huawei-Access-Networks standard permit 192.168.210.0 255.255.255.0
    access-list Huawei-Access-Networks remark Huawei network elements
    access-list Huawei-Access-Networks standard permit 192.168.213.0 255.255.255.0
    access-list management_nat0_outbound_1 extended permit ip host solarwinds-server 10.10.200.0 255.255.255.0
    access-list Alcatel-NMS-ACL remark Access allowed to Alcatel NMS devices in NOC
    access-list Alcatel-NMS-ACL standard permit 10.2.1.0 255.255.255.0
    access-list Business-Systems-Access remark Mail Server 1
    access-list Business-Systems-Access standard permit host neptune.waigani.telikompng.com.pg
    access-list Business-Systems-Access remark Mail Server 2
    access-list Business-Systems-Access standard permit host minerva.waigani.telikompng.com.pg
    access-list Business-Systems-Access remark SAP PROD
    access-list Business-Systems-Access standard permit host SAP-SAPPROD
    access-list Business-Systems-Access remark Avabill Application Server
    access-list Business-Systems-Access standard permit host Avabill86.177
    access-list Business-Systems-Access remark Backup Avabill Application Server
    access-list Business-Systems-Access standard permit host Avabill84.170
    access-list Business-Systems-Access remark HRSelfcare
    access-list Business-Systems-Access standard permit host HOST-172.16.86.248
    access-list Business-Systems-Access remark Intranet Server
    access-list Business-Systems-Access standard permit host 172.16.85.32
    access-list IT-Systems-Support remark Access to inside network
    access-list IT-Systems-Support standard permit 172.16.84.0 255.255.252.0
    access-list IT-Systems-Support remark Access to IN netwwork
    access-list IT-Systems-Support standard permit 172.16.88.0 255.255.252.0
    access-list IT-Systems-Support standard permit Cisco-VLans 255.255.0.0
    access-list Systems-XS remark Access to 84 subnet
    access-list Systems-XS standard permit 172.16.84.0 255.255.252.0
    access-list Systems-XS remark Access to .4 subnet
    access-list Systems-XS standard permit inside-network-extra-subnet 255.255.252.0
    access-list Systems-XS remark Access to 10.100.x.x/24
    access-list Systems-XS standard permit Cisco-VLans 255.255.0.0
    access-list Huawei-NOC standard permit 172.16.84.0 255.255.252.0
    access-list Huawei-NOC standard permit Cisco-VLans 255.255.0.0
    access-list Huawei-NOC standard permit HASUT 255.255.255.0
    access-list Huawei-NOC standard permit IT-NETWORK-NEW 255.255.0.0
    access-list efdata remark Allow efdata access to above device as per request by chris mkao
    access-list efdata standard permit 172.16.92.0 255.255.252.0
    access-list test standard permit 172.16.92.0 255.255.252.0
    access-list Ghu_ES_LAN remark Allow efdata access to fij ES LAN
    access-list Ghu_ES_LAN extended permit ip any 172.16.92.0 255.255.252.0
    access-list GuestInternet_access_in extended permit ip any any
    global (inside) 1 interface
    global (SSN-DMZ) 1 interface
    global (Outside) 1 interface
    global (management) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 0 access-list inside_nat0_outbound_1 outside
    nat (inside) 1 0.0.0.0 0.0.0.0
    nat (SSN-DMZ) 0 access-list SSN-DMZ_nat0_outbound
    nat (SSN-DMZ) 1 WWW.IRC.COM-PRIV 255.255.255.255
    nat (Outside) 0 access-list Outside_nat0_outbound
    nat (GuestInternet) 1 0.0.0.0 0.0.0.0
    nat (management) 0 access-list management_nat0_outbound
    nat (management) 0 access-list management_nat0_outbound_1 outside
    nat (management) 1 10.10.200.1 255.255.255.255
    static (inside,Outside) tcp interface 10103 mailgate.irc.com 10103 netmask 255.255.255.255
    static (SSN-DMZ,Outside) tcp interface www WWW.IRC.COM-PRIV www netmask 255.255.255.255
    static (inside,Outside) tcp interface smtp mailgate.irc.com smtp netmask 255.255.255.255
    static (inside,Outside) tcp interface telnet HOST-172.16.84.144 telnet netmask 255.255.255.255
    static (inside,Outside) tcp interface pcanywhere-data HOST-192.168.1.14 pcanywhere-data netmask 255.255.255.255
    static (inside,Outside) udp interface pcanywhere-status HOST-192.168.1.14 pcanywhere-status netmask 255.255.255.255
    static (inside,Outside) tcp interface ssh InterConnect-BillingBox ssh netmask 255.255.255.255
    static (inside,Outside) udp interface ntp confusious.suva.irc.com ntp netmask 255.255.255.255
    static (inside,Outside) tcp interface 10002 HOST-172.16.200.121 10002 netmask 255.255.255.255
    static (inside,Outside) tcp interface 10003 HOST-172.16.200.122 10003 netmask 255.255.255.255
    static (inside,Outside) tcp interface 10004 HOST-172.16.41.26 10004 netmask 255.255.255.255
    static (inside,Outside) tcp interface 10005 HOST-172.16.41.27 10005 netmask 255.255.255.255
    static (inside,Outside) tcp interface https Avabill86.181 https netmask 255.255.255.255
    static (inside,Outside) tcp interface 7778 Avabill86.181 7778 netmask 255.255.255.255
    static (inside,Outside) tcp interface 8080 Avabill86.181 8080 netmask 255.255.255.255
    static (inside,Outside) tcp interface 7777 Avabill86.181 7777 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.45 https Avabill86.177 https netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 2222 daywalker.suva.irc.com 2222 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 ftp waigani-pdc-int2.suva.irc.com ftp netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 www neptune.suva.irc.com www netmask 255.255.255.255
    static (inside,Outside) tcp interface 5900 Primary1352CM 5900 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 5900 Backup1352CM 5900 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 https neptune.suva.irc.com https netmask 255.255.255.255
    static (inside,Outside) tcp interface 24 HOST-172.16.86.87 24 netmask 255.255.255.255
    static (inside,Outside) udp interface domain ns.irc.com domain netmask 255.255.255.255
    static (inside,Outside) tcp interface pop3 neptune.suva.irc.com pop3 netmask 255.255.255.255
    static (inside,Outside) tcp interface 7780 Apache-WebServer 7780 netmask 255.255.255.255
    static (inside,Outside) tcp interface 8000 CRM-SERVER2 8000 netmask 255.255.255.255
    static (inside,Outside) tcp interface 8010 CRM-SERVER4 8010 netmask 255.255.255.255
    static (inside,Outside) tcp interface 8005 CRM-SERVER3 8005 netmask 255.255.255.255
    static (inside,Outside) tcp interface 123 confusious.suva.irc.com 123 netmask 255.255.255.255
    static (inside,Outside) tcp interface imap4 neptune.suva.irc.com imap4 netmask 255.255.255.255
    static (inside,Outside) tcp interface domain ns.irc.com domain netmask 255.255.255.255
    static (inside,Outside) tcp interface ftp telitgate.irc.com ftp netmask 255.255.255.255
    static (inside,Outside) tcp interface 5901 uvnc-server 5901 netmask 255.255.255.255
    static (inside,Outside) tcp interface 5801 uvnc-server 5801 netmask 255.255.255.255
    static (inside,Outside) tcp interface 5902 172.16.84.200 5902 netmask 255.255.255.255
    static (inside,Outside) tcp interface 5802 172.16.84.200 5802 netmask 255.255.255.255
    static (inside,Outside) tcp interface 995 neptune.suva.irc.com 995 netmask 255.255.255.255
    static (inside,Outside) tcp interface 993 neptune.suva.irc.com 993 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 6001 neptune.suva.irc.com 6001 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 6002 neptune.suva.irc.com 6002 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 6004 neptune.suva.irc.com 6004 netmask 255.255.255.255
    static (inside,Outside) tcp interface 6001 minerva.suva.irc.com 6001 netmask 255.255.255.255
    static (inside,Outside) tcp interface 6002 minerva.suva.irc.com 6002 netmask 255.255.255.255
    static (inside,Outside) tcp interface 6004 minerva.suva.irc.com 6004 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 8720 solarwinds-server 8720 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 9000 solarwinds-server 9000 netmask 255.255.255.255
    static (inside,Outside) tcp interface 2055 solarwinds-server 2055 netmask 255.255.255.255
    static (inside,Outside) tcp interface 88 A-10.100.20.250 88 netmask 255.255.255.255
    static (inside,Outside) tcp interface 10000 ns.irc.com 10000 netmask 255.255.255.255
    static (inside,Outside) udp Ext-R2-Outside-Interface 2055 solarwinds-server 2055 netmask 255.255.255.255
    static (inside,Outside) udp Ext-R2-Outside-Interface snmp solarwinds-server snmp netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 135 neptune.suva.irc.com 135 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 3389 BT-DesktopPC 3389 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.65 www IN-WSC www netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.65 https IN-WSC https netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 ssh Avabill86.176 ssh netmask 255.255.255.255
    static (Outside,inside) tcp 10.100.20.36 5432 smile.telinet.com.pg 5432 netmask 255.255.255.255
    static (inside,Outside) tcp interface 222 chief.suva.irc.com ssh netmask 255.255.255.255
    static (inside,Outside) tcp interface 5061 LYNC-2013-SERVER 5061 netmask 255.255.255.255
    static (inside,Outside) tcp interface 5432 10.100.20.36 5432 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 182 dadbsvr www netmask 255.255.255.255
    static (SSN-DMZ,Outside) 202.58.130.69 pomlynrprx01 netmask 255.255.255.255
    static (SSN-DMZ,Outside) 202.58.130.66 pomlynedsvr01_access netmask 255.255.255.255
    static (SSN-DMZ,Outside) 202.58.130.67 pomlynedsvr01_webcon netmask 255.255.255.255
    static (SSN-DMZ,Outside) 202.58.130.68 pomlynedsvr01_AV netmask 255.255.255.255
    access-group inside_access_in in interface inside
    access-group SSN-DMZ_access_in in interface SSN-DMZ
    access-group Outside_access_in_1 in interface Outside control-plane
    access-group NETFLOW in interface Outside
    access-group GuestInternet_access_in in interface GuestInternet
    access-group management_access_in_1 in interface management control-plane
    access-group management_access_in in interface management
    route Outside 0.0.0.0 0.0.0.0 Ext-R1-Inside-Interface 1
    route inside 10.2.1.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 10.8.0.0 255.255.255.0 VPNGATE 1
    route inside 10.9.254.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 10.10.1.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 10.10.2.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 10.10.3.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 10.10.4.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 10.10.5.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 10.10.10.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 10.15.100.0 255.255.255.0 fw1.outside.irc.com 1
    route inside Cisco-VLans 255.255.0.0 Cisco7200 1
    route inside VLan20-2F 255.255.255.0 Cisco7200 1
    route inside 10.100.67.0 255.255.255.0 IPVPN-Router 1
    route inside 10.100.74.0 255.255.255.0 172.16.86.0 1
    route inside 10.100.75.0 255.255.255.0 172.16.86.0 1
    route inside 10.100.76.0 255.255.255.0 172.16.86.0 1
    route inside LAE 255.255.255.0 172.16.86.0 1
    route inside 10.100.91.0 255.255.255.0 172.16.86.0 1
    route inside 10.100.110.0 255.255.255.0 172.16.86.0 1
    route inside 10.100.111.0 255.255.255.0 172.16.86.0 1
    route inside 10.100.114.0 255.255.255.0 172.16.86.0 1
    route inside 10.200.200.0 255.255.255.0 Cisco7200 1
    route inside A-10.250.0.0 255.255.0.0 Cisco7200 1
    route inside 10.254.2.0 255.255.255.252 IPVPN-Router 1
    route inside 11.11.3.0 255.255.255.0 172.16.86.0 1
    route inside 11.11.4.0 255.255.255.0 172.16.86.0 1
    route inside 11.11.8.0 255.255.255.0 172.16.86.0 1
    route inside 11.11.9.0 255.255.255.0 172.16.86.0 1
    route inside 20.200.200.0 255.255.255.0 172.16.86.17 1
    route inside inside-network-extra-subnet 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.8.0 255.255.252.0 Cisco7200 1
    route inside 172.16.12.0 255.255.252.0 172.16.86.197 1
    route inside 172.16.24.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside NOC 255.255.252.0 172.16.87.187 1
    route inside 172.16.48.0 255.255.252.0 172.16.84.41 1
    route inside 172.16.52.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.56.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.60.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.64.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.68.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.72.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.76.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.80.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.84.185 255.255.255.255 172.16.86.217 1
    route inside CRM-SERVER1 255.255.255.255 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.88.0 255.255.252.0 Cisco7200 1
    route inside 172.16.92.0 255.255.252.0 Cisco7200 1
    route inside 172.16.96.0 255.255.252.0 172.16.87.172 1
    route inside 172.16.104.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.108.0 255.255.252.0 IPVPN-Router 1
    route inside 172.16.112.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.120.0 255.255.252.0 TFIJIG-CORE-INT-ROUTER 1
    route inside 172.16.124.0 255.255.252.0 IPVPN-Router 1
    route inside 172.16.128.0 255.255.252.0 172.16.86.185 1
    route inside 172.16.132.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.136.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.140.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.144.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.148.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.152.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.156.0 255.255.252.0 IPVPN-Router 1
    route inside 172.16.160.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.164.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.168.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.172.0 255.255.252.0 172.16.87.172 1
    route inside 172.16.180.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.184.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.188.0 255.255.252.0 172.16.86.85 1
    route inside 172.16.188.0 255.255.252.0 Cisco7200 1
    route inside 172.16.192.0 255.255.252.0 172.16.86.194 1
    route inside 172.16.200.0 255.255.252.0 172.16.87.11 1
    route inside 172.16.204.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.208.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.212.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.220.0 255.255.252.0 IPVPN-Router 1
    route inside 172.16.224.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.236.0 255.255.252.0 172.16.87.254 1
    route inside 172.16.240.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.248.0 255.255.252.0 IPVPN-Router 1
    route inside 172.17.84.0 255.255.255.224 IPVPN-Router 1
    route inside 172.18.252.0 255.255.252.0 172.16.84.15 1
    route inside 172.20.0.0 255.255.252.0 172.16.87.11 1
    route management 172.20.1.32 255.255.255.240 10.10.200.18 1
    route inside 192.167.5.0 255.255.255.0 172.16.86.42 1
    route inside 192.168.1.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 192.168.1.0 255.255.255.0 HOST-172.16.84.144 1
    route inside 192.168.1.96 255.255.255.224 TFIJI-CORE-INT-ROUTER 1
    route inside 192.168.1.128 255.255.255.224 TFIJI-CORE-INT-ROUTER 1
    route inside 192.168.2.0 255.255.255.0 172.16.87.192 1
    route inside 192.168.5.0 255.255.255.0 HOST-172.16.84.144 1
    route inside 192.168.11.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 192.168.150.0 255.255.255.0 IPVPN-Router 1
    route inside 192.168.200.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 192.168.201.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 192.168.202.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 192.168.210.0 255.255.255.0 Cisco7200 1
    route inside 192.168.213.0 255.255.255.0 Cisco7200 1
    route inside 192.168.254.0 255.255.255.0 fw1.outside.irc.com 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    class-map inspection_default
     match default-inspection-traffic
    class-map flow_export_class
     match access-list global_mpc
    policy-map global_policy
     class inspection_default
      inspect dns
      inspect esmtp
      inspect h323 h225
      inspect h323 ras
      inspect icmp error
      inspect ipsec-pass-thru
      inspect mgcp
      inspect rsh
      inspect sip  
      inspect skinny  
      inspect snmp
      inspect tftp
      inspect ftp strict
      inspect icmp
     class flow_export_class
      flow-export event-type all destination solarwinds-server
    policy-map type inspect dns migrated_dns_map_1
     parameters
      message-length maximum 512
    service-policy global_policy global
    smtp-server 172.16.86.16
    prompt hostname context
    Cryptochecksum:24270eebd6c941fb7b302b034e32bba1
    : end

    Hi,
    NMAP gives the report for the first firewall interface it hits. In your case you have allowed tcp any any where it allows all the ports. I have mentioned only one example.... There are many in your case....
    Also NMAP results will be effective once when you directly connect to outside interface or directly on to the outside LAN.
    Regards
    Karthik

Maybe you are looking for

  • Error while creating filter using BD59 and BD64

    Hi Friends- While creating filters for HRMD_A  message type  using BD59 i have added one field  stat2 for segment E1P0000    and its coming also in  BD64  while creating filter group  but when i double click on it to give value to it  it  gives me er

  • Service tax reverse mechanism

    Dear all, How to configure the Service tax reverse mechanism. Pls advise below how to configure below scenario Bill of Vendor - Service cost        100,000.00 Add. Service tax @12.36% of service cost 12360 Bill value       112,360.00 Vendor provide b

  • Output on Credit memos

    All, I need to be to able to setup a way where we can choose not to produce an output on credit memo. However there are some instances where we do want to have an output for a credit memo but ideally if we can have an option of producing/not producin

  • Implementing Logging in Web Dynpro

    Hi All,      I was able to define a new Log Controller of type location and able to write the traces(logs) into the default trace file according to the severity. But When i change  the severity for the exsisting Log Configurator "com.sap.tc.webdynpro

  • Selection at infopackage level

    HI Everybody, Is it possible to have selection at infopackage level. Regards, BPNR.