One of the features of Access Control Lists (ACLs) on Cisco ASA firewalls is that you can schedule when a specific ACL entry is in effect. That is, a particular access list statement remains disabled until a specified time range is reached. This is useful when you want to allow traffic to certain servers only during specific time periods.
Let’s look at the example below where access to the DMZ FTP server is allowed only during business hours (weekdays from 9am to 5pm).
To configure the time range, follow the steps below:
- ASA-TGM(config)# time-range name
- ASA-TGM(config-time-range)# periodic days-of-the-week time to [days-of-the-week] time
The “days-of-the-week” parameter can take the following values:
- monday, tuesday, wednesday, thursday, friday, saturday, sunday
- weekdays
- daily
- weekend
The “time” parameter has the format hh:mm.
The full configuration on the Cisco ASA firewall is as follows:
ASA-TGM(config)# time-range working-hours
ASA-TGM(config-time-range)# periodic weekdays 9:00 to 17:00
ASA-TGM(config)# access-list FTP-ACCESS extended permit tcp any host 199.1.1.1 eq ftp time-range working-hours
ASA-TGM(config)# access-group FTP-ACCESS in interface outside
ASA-TGM(config)# static (DMZ,outside) 199.1.1.1 10.0.0.1 netmask 255.255.255.255
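A time-bound ACE changes what the firewall permits without any configuration change, so when reviewing a rule set it helps to ask which entries are in effect at a given moment. The following Python audit helper is an added example, not part of the original article or of any Cisco tool; the function names are hypothetical, it handles only the same-day `periodic` form used above, and it assumes the timestamp is in the firewall's local time with the end minute treated as inclusive.

```python
import re
from datetime import datetime

DAYS = ["monday", "tuesday", "wednesday", "thursday", "friday", "saturday", "sunday"]
GROUPS = {"weekdays": DAYS[:5], "weekend": DAYS[5:], "daily": DAYS}

# The page's configuration, embedded as sample input.
CONFIG = """\
ASA-TGM(config)# time-range working-hours
ASA-TGM(config-time-range)# periodic weekdays 9:00 to 17:00
ASA-TGM(config)# access-list FTP-ACCESS extended permit tcp any host 199.1.1.1 eq ftp time-range working-hours
"""

def _minutes(hhmm):
    return int(hhmm.split(":")[0]) * 60 + int(hhmm.split(":")[1])

def parse_time_ranges(config):
    """Return {time-range name: [(days, start_minute, end_minute), ...]}."""
    ranges, current = {}, None
    for line in config.splitlines():
        cmd = line.split("#")[-1].split()          # drop a CLI prompt if present
        if len(cmd) == 2 and cmd[0].lower() == "time-range":
            current = ranges.setdefault(cmd[1], [])
        elif cmd and cmd[0].lower() == "periodic" and current is not None:
            words = [w.lower() for w in cmd]
            to = words.index("to")
            if len(words) - to != 2:               # "to <day> <time>" form
                raise ValueError("end day-of-week form not handled: " + line)
            days = set().union(*(GROUPS.get(t, [t]) for t in words[1:to - 1]))
            current.append((days, _minutes(words[to - 1]), _minutes(words[to + 1])))
    return ranges

def is_active(entries, when):
    """Assumption: `when` is the firewall's local time and the end minute is inclusive."""
    day, minute = DAYS[when.weekday()], when.hour * 60 + when.minute
    return any(day in d and start <= minute <= end for d, start, end in entries)

def timed_aces(config, when):
    """Return (acl_name, time_range, state) per time-bound ACE; state None = not evaluated."""
    ranges, report = parse_time_ranges(config), []
    for line in config.splitlines():
        m = re.match(r"access-list\s+(\S+)\s.*\btime-range\s+(\S+)", line.split("#")[-1].strip())
        if m:
            entries = ranges.get(m.group(2))
            report.append((m.group(1), m.group(2), is_active(entries, when) if entries else None))
    return report

if __name__ == "__main__":
    print(timed_aces(CONFIG, datetime(2024, 1, 10, 10, 30)))  # a Wednesday
```

A state of `None` marks an ACE whose time-range is not defined in the supplied text or has no `periodic` entry, which is worth checking by hand.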
Good luck!