Taking stock of an existing ASA Firewall

Posted by Nate on Server Fault
Published on 2011-03-09T15:16:42Z Indexed on 2011/03/09 16:12 UTC

Imagine you are given an existing network using an ASA firewall. The network works, but you aren't sure of anything else. The firewall may be completely improperly configured, with "outside" actually being inside and "inside" actually being outside, for all you know.

My question is this: what are the commands to take stock of an existing ASA firewall setup? With only CLI access, how do I figure out:

  1. What interfaces are available
  2. The names of the interfaces
  3. The security levels attached to the interfaces
  4. The access-lists attached to the interfaces, including rules and directions

I know how to set these things (interface, nameif, security-level, and access-list/access-group), but I don't know how to figure them out given an existing system.

On a related note, is there anything else that I should worry about checking to make sure that the network isn't wide open?

Thanks!
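
An offline inventory of the four items listed in the question, as an added example that is not part of the original post: it assumes the configuration text has been saved from the CLI (for instance the output of `show running-config`) and parses the `interface`, `nameif`, `security-level`, `access-list` and `access-group` lines. The function names and the sample configuration are constructed for illustration, and object-groups are not expanded.

```python
import re

# Constructed sample in the style of ASA running-config text; not from the post.
SAMPLE = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
!
interface GigabitEthernet0/2
 shutdown
 no nameif
!
access-list OUTSIDE_IN extended permit tcp any host 10.0.0.10 eq 443
access-list OUTSIDE_IN extended permit ip any any
access-list INSIDE_OUT extended permit ip 10.0.0.0 255.255.255.0 any
access-group OUTSIDE_IN in interface outside
access-group INSIDE_OUT in interface inside
"""

def take_stock(config):
    """Return (interfaces, acls, bindings) parsed from ASA configuration text."""
    interfaces, acls, bindings, port = {}, {}, [], None
    for line in config.splitlines():
        w = line.split() or ["!"]  # treat blank lines like the "!" separator
        if w[0] == "interface":
            port = interfaces.setdefault(w[1], {"nameif": None, "level": None})
        elif line.startswith(" ") and port is not None:
            if w[0] == "nameif":
                port["nameif"] = w[1]
            elif w[0] == "security-level":
                port["level"] = int(w[1])
        elif w[0] == "access-list" and len(w) > 2 and w[2] != "remark":
            acls.setdefault(w[1], []).append(" ".join(w[2:]))
        elif w[0] == "access-group" and len(w) >= 5 and w[3] == "interface":
            bindings.append((w[4], w[2], w[1]))  # (nameif, direction, ACL name)
    return interfaces, acls, bindings

def broad_rules(config):
    """List (nameif, level, direction, ACL, rule) for bound 'permit ip any any' rules."""
    interfaces, acls, bindings = take_stock(config)
    level = {i["nameif"]: i["level"] for i in interfaces.values() if i["nameif"]}
    return [(name, level.get(name), direction, acl, rule)
            for name, direction, acl in bindings
            for rule in acls.get(acl, [])
            if re.search(r"permit ip any\d? any\d?$", rule)]
```

An interface whose `nameif` is `None` carries no name or security level, and an ACL that never appears in `bindings` is defined but not attached to any interface.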
