I have been looking for a good "article" on access-lists and have not found one. I have taken over as an SA and have a PIX515R. They set up NO access-lists and let all traffic through, so basically it is a sitting waste of money, right?! I put on the SANS recommended list of anti-spoofing access-lists, but I am looking for more. I have real world IPs on my "inside" network and went to and have them show me how secure my system is... ha. So basically I want to lock down the inside but still be able to surf the net and do other things we need. I set up an access list restricting some flow and seem to lock everyone out. Any suggestions?