Cisco PIX 501
Being a newbie to the PIX 501, I am trying to implement a rule set that allows access to ftp and denies all other protocols.
I have config’d nat and a global pool for internal and external hosts, set the relevant rules
– allow inside, outside for ftp
and then established a clean up rule
– deny ip any
The result of this blocks all traffic, including ftp.
I assume that the PIX processes rules in order then branches when it hits an accept rule, avoiding the clean up rule… am I right or wrong?
Can anyone suggest ‘the correct’ rule config to fix the problem, or at least offer any explanation why the simple ruleset may not work?