Firewall Wizards mailing list archives
RE: PIX question
From: "Martijn Berlage" <Martijn () Berlage org>
Date: Tue, 14 Mar 2006 09:49:15 +0100
-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Brian Loe

Question: Why would the inbound ACL on dmz2 prevent it from sending traffic to the outside interface with a lower security setting? Does an ACL applied to a dmz interface have an implied deny all - even for lower security interfaces?

Yes. Only when no ACL is set, an implicit allow any any to lower security interfaces is used. In the PDM, this shows up as an 'implicit outbound rule'. When setting an ACL, it's ended with an implicit deny any any.

Martijn

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
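The behaviour described in the reply above, as a simplified Python model. This is an added example, not part of the original post and not Cisco code. The security levels, the `inside` interface, and all addresses are constructed assumptions, and NAT/translation requirements are ignored.

```python
# Simplified model of PIX interface ACL evaluation (added example; ignores NAT/xlate).
from ipaddress import ip_address, ip_network

# Constructed security levels; only dmz2 and outside are named in the thread.
SECURITY_LEVEL = {"inside": 100, "dmz2": 60, "outside": 0}


def permitted(src_if, dst_if, src, dst, acls):
    """Return (decision, reason) for a new connection entering src_if.

    acls maps an interface name to the ordered list of
    (action, src_net, dst_net) entries bound inbound on that interface.
    """
    acl = acls.get(src_if)
    if acl is None:
        # No ACL bound: only the security levels decide.
        if SECURITY_LEVEL[src_if] > SECURITY_LEVEL[dst_if]:
            return True, "implicit outbound rule"
        return False, "no ACL, destination is not lower security"
    # ACL bound: first match wins; the security level no longer grants anything.
    for n, (action, src_net, dst_net) in enumerate(acl, 1):
        if ip_address(src) in ip_network(src_net) and ip_address(dst) in ip_network(dst_net):
            return action == "permit", f"ACL line {n}"
    return False, "implicit deny any any"


# Constructed addresses (RFC 1918 and RFC 5737 documentation ranges).
DMZ_HOST, INSIDE_DB, INTERNET = "192.168.60.10", "10.0.0.5", "203.0.113.80"
ANY = "0.0.0.0/0"

no_acl = {}
# ACL written only to let the DMZ host reach one inside server.
narrow_acl = {"dmz2": [("permit", "192.168.60.10/32", "10.0.0.5/32")]}
# Same intent, but outbound access is restated explicitly after blocking inside.
fixed_acl = {"dmz2": [
    ("permit", "192.168.60.10/32", "10.0.0.5/32"),
    ("deny", ANY, "10.0.0.0/8"),
    ("permit", "192.168.60.0/24", ANY),
]}

if __name__ == "__main__":
    for name, acls in [("no ACL", no_acl), ("narrow ACL", narrow_acl), ("fixed ACL", fixed_acl)]:
        print(name, permitted("dmz2", "outside", DMZ_HOST, INTERNET, acls))
```

The `narrow_acl` case is the situation in the question: binding an ACL for one purpose removes the implicit outbound rule, so traffic to the lower-security interface must be permitted explicitly.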