MicroNugget: What is a Cut-Through Proxy on the ASA?

In this video, Keith Barker covers cut-through proxy on an ASA. Just because your server's online doesn't mean it needs to be public — configure a cut-through proxy on your ASA and your firewall will authenticate users before they can even reach your server.

So last week your boss asked you to set up a web server on the internet with NAT and an access list that allows port 80. But this week, the boss comes back: it shouldn't be a public web server. It should only be accessible to a few certain users. So now it's time to train an ASA so that inbound traffic to that server gets stopped, interrogated and passed on only if validated with a cut-through proxy. "Proxy" is the ASA doing the server's authentication, and "cut-through" is how all subsequent packets cut through at Layer 3 after the first packet gets authenticated up at the top at the Application layer. Fire up ASDM and see how to configure your cut-through proxy to keep unauthenticated users off your servers.

Start learning with CBT Nuggets: