Firewall Wizards mailing list archives

RE: PIX question


From: "Martijn Berlage" <Martijn () Berlage org>
Date: Tue, 14 Mar 2006 09:49:15 +0100

 

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com 
[mailto:firewall-wizards-admin () honor icsalabs com] On Behalf 
Of Brian Loe

Question: Why would the inbound ACL on dmz2 prevent it from 
sending traffic to the outside interface with a lower 
security setting? Does an ACL applied to a dmz interface have 
an implied deny all - even for lower security interfaces?

Yes. Only when no ACL is set, an implicit allow any any to lower
security interfaces is used. In the PDM, this shows up as an 'implicit
outbound rule'. When setting an ACL, it's ended with an implicit deny
any any.

Martijn
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
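
An added example, not part of the original message or of any Cisco tooling: a small Python model of the rule described in the reply, covering only new connections that head toward a lower-security interface. The interface names' security levels, the addresses and the ACL entries are constructed for illustration, and top-down first-match evaluation of the access list is assumed.

```python
from ipaddress import ip_address, ip_network

# Constructed security levels (assumed; the thread does not give them).
LEVELS = {"inside": 100, "dmz2": 20, "outside": 0}

def ace(action, proto, src, dst, port=None):
    """One access-list entry; proto 'ip' matches any protocol, port None any port."""
    return {"action": action, "proto": proto, "src": ip_network(src),
            "dst": ip_network(dst), "port": port}

def matches(entry, proto, src, dst, port):
    return (entry["proto"] in ("ip", proto)
            and ip_address(src) in entry["src"]
            and ip_address(dst) in entry["dst"]
            and entry["port"] in (None, port))

def decide(in_if, out_if, acl, proto, src, dst, port):
    """Verdict for a new connection entering in_if toward lower-security out_if.

    acl is None when no access list is bound inbound on in_if,
    otherwise a list of entries built with ace().
    """
    if LEVELS[out_if] >= LEVELS[in_if]:
        raise ValueError("model only covers traffic toward a lower-security interface")
    if acl is None:
        return "permit (implicit outbound rule)"
    for entry in acl:  # top-down, first match wins
        if matches(entry, proto, src, dst, port):
            return f"{entry['action']} (explicit entry)"
    return "deny (implicit deny any any)"

# Constructed ACL: written only to let one DMZ host reach a database on inside.
DMZ2_IN = [ace("permit", "tcp", "192.168.2.10/32", "10.1.1.5/32", 1433)]
# Same ACL with the outbound web traffic permitted explicitly.
DMZ2_IN_FIXED = DMZ2_IN + [ace("permit", "tcp", "192.168.2.0/24", "0.0.0.0/0", 80)]

# Constructed flow: dmz2 host opening a web connection to a host on outside.
WEB = ("tcp", "192.168.2.10", "198.51.100.7", 80)

if __name__ == "__main__":
    for label, acl in (("no ACL", None), ("ACL", DMZ2_IN), ("fixed ACL", DMZ2_IN_FIXED)):
        print(f"{label:10} {decide('dmz2', 'outside', acl, *WEB)}")
```

The middle case is the one from the question: an ACL bound to dmz2 for an unrelated purpose silently replaces the implicit outbound permit, so every flow to outside has to be listed explicitly.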

